CVE-2023-3613

Source
https://cve.org/CVERecord?id=CVE-2023-3613
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3613.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-3613
Aliases
Published
2023-07-17T15:31:23.674Z
Modified
2026-07-15T01:49:17.750578410Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Guest accounts invited and added to channels by Welcomebot plugin
Details

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

Database specific
{
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3613.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "7.8.5"
                },
                {
                    "last_affected": "7.10.2"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "Mattermost"
}
References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.8.6"
        },
        {
            "introduced": "7.9.0"
        },
        {
            "fixed": "7.10.3"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

Other
cloud-2022-07-20-1
cloud-2022-08-10-1
cloud-2022-09-08-1
cloud-2022-10-06-1
cloud-2022-11-11-1
cloud-2022-11-24-1
cloud-2023-01-26-1
cloud-2023-03-29-1
v0.*
v0.5.0
v4.*
v4.10.0-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.0.0-rc1
v5.1.0-rc1
v5.2.0-rc1
v5.2.0-rc2
v7.*
v7.10.0
v7.10.1
v7.10.2
v7.8.0
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.8.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3613.json"