CVE-2023-3613
3.5
LOW
CVSS 3.1
EPSS 0.16%
Description
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.
How to fix CVE-2023-3613
To remediate CVE-2023-3613, upgrade the affected package to a fixed version below.
- Bitnami/mattermost—upgrade to 7.8.6 or later
Is CVE-2023-3613 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 7.8.6, >= 7.9.0, < 7.10.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |