CVE-2023-3613

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-3613

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3613.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3613

Aliases

BIT-mattermost-2023-3613

Published

2023-07-17T16:15:11.107Z

Modified

2026-04-10T05:00:05.045561Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost-server

Events

Introduced

Fixed

96a934a6969ca6294450bcc60fc8ea1371488521

Introduced

c4d8c1450ab2b9538bbc2690ca1ee865567a5888

Fixed

cf5279c4598f3d49396d21ab539413173a159cf5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.8.6"
        },
        {
            "introduced": "7.9.0"
        },
        {
            "fixed": "7.10.3"
        }
    ]
}

Affected versions

Other

cloud-2022-07-20-1

cloud-2022-08-10-1

cloud-2022-09-08-1

cloud-2022-10-06-1

cloud-2022-11-11-1

cloud-2022-11-24-1

cloud-2023-01-26-1

cloud-2023-03-29-1

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.2.0-rc1

v5.2.0-rc2

v7.*

v7.10.0

v7.10.1

v7.10.2

v7.8.0

v7.8.1

v7.8.2

v7.8.3

v7.8.4

v7.8.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3613.json"