Low severityNVD Advisory· Published Aug 11, 2023· Updated Oct 1, 2024

Attachment of deleted message in a thread remains accessible and downloadable

CVE-2023-4105

Description

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/mattermost/mattermost-server/v6Go	>= 7.9.0, < 7.9.6	7.9.6
github.com/mattermost/mattermost-server/v6Go	>= 7.10.0, < 7.10.4	7.10.4
github.com/mattermost/mattermost-server/v6Go	< 7.8.8	7.8.8

Affected products

Mattermost/Mattermostv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-g3v6-r8p9-wxg9ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-4105ghsaADVISORY
github.com/mattermost/mattermostghsaPACKAGE
mattermost.com/security-updatesghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000