CVE-2023-5160

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowinga member to get the full name of another user even if the Show Full Name option was disabled
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
MattermostCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
mattermostmattermost
7.0.0 ≤
𝑥
< 7.8.10
mattermostmattermost
8.0.0 ≤
𝑥
< 8.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mattermost.com/security-updates
https://mattermost.com/security-updates