Origin Validation Error

CVE-2023-3581

Severity High
Score 8.1/10

Summary

Mattermost fails to properly validate the origin of a websocket connection, allowing a MITM (Man In The Middle) attacker on Mattermost to access the websocket APIs. This issue affects versions through 7.8.6, 7.9.0 through 7.9.4, and 7.10.0 through 7.10.2.

  • HIGH
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-346 - Origin Validation Error

The software does not properly verify that the source of data or communication is valid.
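
The check this weakness class calls for, shown as an added example: a generic Go sketch of exact-match Origin validation on a websocket handshake, not Mattermost's code or its fix. The host chat.example.com, the allowlist and the function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// allowedOrigins is a constructed allowlist; chat.example.com is a placeholder.
var allowedOrigins = map[string]bool{"https://chat.example.com": true}

// originAllowed reports whether the handshake carries exactly one Origin header
// whose scheme://host[:port] matches an allowlist entry exactly. Missing,
// repeated, "null", or decorated (userinfo, path, query) values are rejected,
// as are prefix look-alikes and the plaintext http:// form of an allowed host.
func originAllowed(r *http.Request, allowed map[string]bool) bool {
	vals := r.Header.Values("Origin")
	if len(vals) != 1 {
		return false
	}
	u, err := url.Parse(vals[0])
	if err != nil || u.Host == "" || u.User != nil ||
		u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return false
	}
	// Compare the whole origin, never a substring or suffix of it.
	return allowed[strings.ToLower(u.Scheme)+"://"+strings.ToLower(u.Host)]
}

// wsHandler refuses the request before any websocket processing happens.
func wsHandler(w http.ResponseWriter, r *http.Request) {
	if !originAllowed(r, allowedOrigins) {
		http.Error(w, "origin not allowed", http.StatusForbidden)
		return
	}
	// The websocket library's upgrade call would go here (not shown).
	w.WriteHeader(http.StatusNotImplemented)
}

func main() {
	// Constructed sample Origin values.
	for _, o := range []string{"https://chat.example.com", "http://chat.example.com",
		"https://chat.example.com.evil.test", "null"} {
		r, _ := http.NewRequest("GET", "https://chat.example.com/ws", nil)
		r.Header.Set("Origin", o)
		fmt.Printf("%-36s allowed=%v\n", o, originAllowed(r, allowedOrigins))
	}
}
```

Requests with no Origin header are rejected here, which suits browser-facing endpoints; non-browser clients that omit the header need a separately authenticated path.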

Advisory Timeline

  • Published