CVE-2023-2783 – github.com/mattermost/mattermost-server/v6

Package

Manager: go
Name: github.com/mattermost/mattermost-server/v6
Vulnerable Version: =7.10.0 || >=7.10.0 <7.10.1 || >=7.9.0 <7.9.4 || >=6.0.0 <7.8.5 || >=0 <6.0.0-20230511130429-1629a6ca7fed

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00102 pctl0.28598

Details

Mattermost Server Missing Authorization vulnerability Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.

Metadata

Created: 2023-06-16T09:30:24Z
Modified: 2025-07-25T14:50:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-455c-vqrf-mghr/GHSA-455c-vqrf-mghr.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-455c-vqrf-mghr
Finding: F039
Auto approve: 1