CVE-2023-43754

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-43754

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43754.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-43754

Aliases

GHSA-jjr7-372r-cx7x

Related

CGA-2x25-gg7q-7jjw

Published

2023-11-27T10:15:07.657Z

Modified

2026-04-12T07:20:04.006584Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled.

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost

Events

Introduced

Last affected

b69ff7d1038609a4a29a7db104679d21da10ad09

Last affected

5934ff113becf755beb978cc7bd1ba6564cbbdd6

Introduced

90f502dc2dc80ee25cfb7d7bc3e743b53564a5a7

Last affected

4fe1024a51f22f239c19c33838dbdcf7589b7b94

Introduced

987e843629fe3f11861fda23ceb66884f5973ef1

Last affected

77f094c7ee8c7a00be01c2df72f948a62c690b66

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.8.12"
        },
        {
            "last_affected": "9.1.0"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.1.3"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.0.1"
        }
    ],
    "cpe": [
        "cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:mattermost:mattermost:9.1.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

@mattermost/client@8.*

@mattermost/client@8.1.1

@mattermost/client@9.*

@mattermost/client@9.0.0

@mattermost/client@9.1.0

@mattermost/types@8.*

@mattermost/types@8.1.1

@mattermost/types@9.*

@mattermost/types@9.0.0

@mattermost/types@9.1.0

Other

cloud-2022-07-20-1

cloud-2022-08-10-1

cloud-2022-09-08-1

cloud-2022-10-06-1

cloud-2022-11-11-1

cloud-2022-11-24-1

cloud-2023-01-26-1

cloud-2023-07-26-1

cloud-2023-09-26-1

server/public/v0.*

server/public/v0.0.5

server/public/v0.0.6

server/public/v0.0.7

server/public/v0.0.8

server/public/v0.0.9

v0.*

v0.5.0

v4.*

v4.10.0-rc1

v4.2.0-rc1

v4.3.0-rc1

v4.4.0-rc1

v4.5.0-rc1

v4.6.0-rc1

v4.6.0-rc2

v4.7.0-rc1

v4.8.0-rc1

v4.9.0-rc1

v5.*

v5.0.0-rc1

v5.1.0-rc1

v5.2.0-rc1

v5.2.0-rc2

v7.*

v7.8.0

v7.8.1

v7.8.10

v7.8.10-rc3

v7.8.10-rc4

v7.8.10-rc5

v7.8.11

v7.8.11-rc1

v7.8.12

v7.8.12-rc1

v7.8.12-rc2

v7.8.2

v7.8.3

v7.8.4

v7.8.5

v7.8.6

v7.8.7

v7.8.8

v7.8.9

v8.*

v8.1.0

v8.1.0-rc2

v8.1.1

v8.1.1-rc1

v8.1.1-rc2

v8.1.2

v8.1.2-rc1

v8.1.2-rc2

v8.1.3

v8.1.3-rc1

v8.1.3-rc2

v9.*

v9.0.0

v9.0.0-rc2

v9.0.1

v9.0.1-rc1

v9.1.0

v9.1.0-rc1

v9.1.0-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43754.json"