CVE Catalog
CVE-2023-3613
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk0.25%
17th percentile — higher than 17% of all known CVEs
Summary
The Mattermost WelcomeBot plugin fails to validate membership status when inviting or adding users to channels, allowing guest accounts to be added by default.
Risk Assessment
The organization may be exposed to unauthorized access to channels by guest accounts, potentially leading to information leaks or privacy breaches.
Recommendation
It is recommended to update the WelcomeBot plugin and implement additional membership status verification mechanisms before adding users to channels.
Original NVD description (English source)
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

