CVE Catalog

CVE-2023-3577

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

Risk Assessment

An attacker could exploit this vulnerability to gain access to internal network resources, potentially leading to the disclosure of sensitive information.

Recommendation

It is recommended to update Mattermost to the latest version to patch this vulnerability and implement additional access restrictions on API interfaces.

Original NVD description (English source)

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS