Vulnerability in Mattermost WelcomeBot Plugin Allows Unauthorized Guest Account Access to Channels

Vulnerability in Mattermost WelcomeBot Plugin Allows Unauthorized Guest Account Access to Channels

CVE-2023-3613 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

Learn more about our User Device Pen Test.