CVE-2023-6458

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-6458

Severity

9.8

Critical

CVSS CVSS_V3

Description

Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.

References

https://images.chainguard.dev/security/CGA-qwf6-gjxq-696h
https://github.com/advisories/GHSA-7664-hcp7-f497
https://images.chainguard.dev/security/CGA-r3x9-cq8h-p7qc
https://images.chainguard.dev/security/CGA-2v29-7fpv-pcp2
https://images.chainguard.dev/security/CGA-q64f-hcvp-3p43
https://images.chainguard.dev/security/CGA-h8fx-vmhf-9gcp
https://images.chainguard.dev/security/CGA-c667-595q-59pj
https://images.chainguard.dev/security/CGA-cq5p-922f-8wjg
https://images.chainguard.dev/security/CGA-m6j6-xrp7-mrrv
https://images.chainguard.dev/security/CGA-rh54-5cfw-232p
https://images.chainguard.dev/security/CGA-3vxg-fqpc-q9m6
https://images.chainguard.dev/security/CGA-hfcw-hc62-75rh
https://images.chainguard.dev/security/CGA-5hwc-cj86-h38f
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal