CVE-2023-7114
HIGH WAF: High
CVSS 8.8
Published: 2023-12-29
CWE-22
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost | up to 2.10.1 |
References
- mattermost.com (Vendor Advisory)