CVE-2023-2783: Missing Authorization

June 16, 2023 (updated June 27, 2023)

Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.

References

github.com/advisories/GHSA-455c-vqrf-mghr
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-2783

Code Behaviors & Features

Detect and mitigate CVE-2023-2783 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →