VYPR
Moderate severityNVD Advisory· Published Nov 27, 2023· Updated Oct 11, 2024

Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards

CVE-2023-6202

Description

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost/server/v8Go
>= 9.1.0, < 9.1.19.1.1
github.com/mattermost/mattermost/server/v8Go
>= 9.0.0, < 9.0.29.0.2
github.com/mattermost/mattermost/server/v8Go
< 8.1.48.1.4
github.com/mattermost/mattermost-server/v6Go
< 7.8.137.8.13

Affected products

41

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.