CVE-2023-6202: Improper Access Control

November 27, 2023 (updated November 28, 2023)

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.

References

github.com/advisories/GHSA-85jj-c9jr-9jhx
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2023-6202

Code Behaviors & Features

Detect and mitigate CVE-2023-6202 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →