CVE-2023-6458
HIGH
Mattermost < 7.8.14, 8.1.5, 9.1.2 - Client-Side Path Traversal via Route Parameters
Title source: llm
Description
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing an attacker to perform a client-side path traversal.
References (1)
Core References
Vendor Advisory
https://mattermost.com/security-updates
Scores
CVSS v3
7.1
EPSS
0.0046
EPSS Percentile
64.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
Details
CWE
CWE-22
CWE-74
Status
published
Products (4)
mattermost/mattermost
0 - 8.1.5 (Go)
mattermost/mattermost
9.1.0 - 9.1.2 (Go)
mattermost/mattermost-server
0 - 7.8.14 (Go)
mattermost/mattermost_server
< 7.8.14
Published
Dec 06, 2023
Tracked Since
Feb 18, 2026