CVE-2023-3587 LOW

CVE-2023-3587: Inconsistent state in UI after boards permission change by system admin

Vendor Mattermost
Product Mattermost
Weakness CWE-862 · Missing authorization
Published July 17, 2023
Last update October 22, 2024
View on NVD All CVEs

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

Key dates

02Disclosure timeline

July 17, 2023 CVE published
October 22, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-24679 WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability CVE-2025-22715 WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Arbitrary Content Deletion vulnerability CVE-2026-27092 WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability CVE-2026-24388 WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability CVE-2024-1229 SimpleShop <= 2.10.2 - Missing Authorization