{"id":"GHSA-7664-hcp7-f497","summary":"Mattermost Injection vulnerability","details":"Mattermost webapp fails to validate route parameters in /\u003cTEAM_NAME\u003e/channels/\u003cCHANNEL_NAME\u003e, allowing an attacker to perform a client-side path traversal.\n\n","aliases":["BIT-mattermost-2023-6458","CVE-2023-6458"],"modified":"2026-02-04T04:03:35.103323Z","published":"2023-12-06T09:30:17Z","related":["CGA-g59p-x232-xvr9"],"database_specific":{"github_reviewed_at":"2023-12-08T21:57:03Z","nvd_published_at":"2023-12-06T09:15:08Z","cwe_ids":["CWE-22","CWE-74"],"severity":"HIGH","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6458"},{"type":"PACKAGE","url":"https://github.com/mattermost/mattermost"},{"type":"WEB","url":"https://mattermost.com/security-updates"}],"affected":[{"package":{"name":"github.com/mattermost/mattermost-server/v6","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost-server/v6"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"7.8.14"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-7664-hcp7-f497/GHSA-7664-hcp7-f497.json"}},{"package":{"name":"github.com/mattermost/mattermost/server/v8","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost/server/v8"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.1.5"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-7664-hcp7-f497/GHSA-7664-hcp7-f497.json"}},{"package":{"name":"github.com/mattermost/mattermost/server/v8","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost/server/v8"},"ranges":[{"type":"SEMVER","events":[{"introduced":"9.0.0"},{"fixed":"9.0.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-7664-hcp7-f497/GHSA-7664-hc
p7-f497.json"}},{"package":{"name":"github.com/mattermost/mattermost/server","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost/server"},"ranges":[{"type":"SEMVER","events":[{"introduced":"9.1.0"},{"fixed":"9.1.2"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-7664-hcp7-f497/GHSA-7664-hcp7-f497.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L"}]}