Security Vulnerabilities - CVEs Published In July 2023
Mattermost fails to properly validate a GIF image file, allowing an attacker to consume a significant amount of server resources and make the server unresponsive for an extended period of time by linking to a specially crafted image file.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-07-17

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2023-07-17

Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin, versions <= 4.6.1.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-07-17

Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin, versions <= 2.4.6.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-07-17

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2023-07-17

Mattermost fails to properly validate the origin of a WebSocket connection, allowing a MITM attacker on Mattermost to access the WebSocket APIs.
CVSS Score: 6.2 | EPSS Score: 0.001 | Published: 2023-07-17

Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, 
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-07-17

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
CVSS Score: 3.1 | EPSS Score: 0.001 | Published: 2023-07-17

Mattermost Boards fails to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted Boards link.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-07-17

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, so previously shared public Boards remain accessible.
CVSS Score: 4.2 | EPSS Score: 0.002 | Published: 2023-07-17

Shodan ® - All rights reserved