CVE-2023-3577

LOW

Mattermost 7.8.0-7.8.6 - Blind Server-Side Request Forgery via Interactive Dialog

Title source: manual

Description

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

References (1)

Core 1

Core References

Vendor Advisory

https://mattermost.com/security-updates

Scores

CVSS v3 3.5

EPSS 0.0021

EPSS Percentile 43.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

mattermost/mattermost_server 7.8.0 - 7.8.7

Published Jul 17, 2023

Tracked Since Feb 18, 2026