Vulnerability Details CVE-2023-3584
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.4%
CVSS Severity
CVSS v3 Score 3.1
Products affected by CVE-2023-3584
-
cpe:2.3:a:mattermost:mattermost_server:7.10.0
-
cpe:2.3:a:mattermost:mattermost_server:7.10.1
-
cpe:2.3:a:mattermost:mattermost_server:7.10.2
-
cpe:2.3:a:mattermost:mattermost_server:7.8.0
-
cpe:2.3:a:mattermost:mattermost_server:7.8.1
-
cpe:2.3:a:mattermost:mattermost_server:7.8.2
-
cpe:2.3:a:mattermost:mattermost_server:7.8.3
-
cpe:2.3:a:mattermost:mattermost_server:7.8.4