Origin Validation Error
CVE-2023-3581
Summary
Mattermost fails to properly validate the origin of a websocket connection, allowing a MITM (man-in-the-middle) attacker on Mattermost to access the websocket APIs. This issue affects versions through 7.8.6, 7.9.0 through 7.9.4, and 7.10.0 through 7.10.2.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.