Vulnerability Details CVE-2023-3577
Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 3.5
Products affected by CVE-2023-3577
-
cpe:2.3:a:mattermost:mattermost_server:7.10.0
-
cpe:2.3:a:mattermost:mattermost_server:7.10.1
-
cpe:2.3:a:mattermost:mattermost_server:7.10.2
-
cpe:2.3:a:mattermost:mattermost_server:7.8.0
-
cpe:2.3:a:mattermost:mattermost_server:7.8.1
-
cpe:2.3:a:mattermost:mattermost_server:7.8.2
-
cpe:2.3:a:mattermost:mattermost_server:7.8.3
-
cpe:2.3:a:mattermost:mattermost_server:7.8.4
-
cpe:2.3:a:mattermost:mattermost_server:7.8.5
-
cpe:2.3:a:mattermost:mattermost_server:7.8.6