CVE-2023-3587
LowCVSS 2.7Exploitation Probability (EPSS)
Low risk34th percentile — higher than 34% of all known CVEs
Summary
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state. This allows any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive data, as users can gain access to the board with editor permissions without appropriate information about permissions.
Recommendation
It is recommended to update Mattermost to the latest version to fix this vulnerability and review user permissions and shared links in the system.
Original NVD description (English source)
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

