{"id":"GHSA-455c-vqrf-mghr","summary":"Mattermost Server Missing Authorization vulnerability","details":"Mattermost Apps Framework fails to verify the secret provided in the incoming webhook request, allowing an attacker to modify the contents of the post sent by the Apps.","aliases":["CVE-2023-2783"],"modified":"2025-07-25T14:50:30Z","published":"2023-06-16T09:30:24Z","database_specific":{"github_reviewed_at":"2023-06-23T21:37:38Z","severity":"MODERATE","cwe_ids":["CWE-862"],"github_reviewed":true,"nvd_published_at":"2023-06-16T09:15:09Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2783"},{"type":"PACKAGE","url":"https://github.com/mattermost/mattermost-server"},{"type":"WEB","url":"https://mattermost.com/security-updates"}],"affected":[{"package":{"name":"github.com/mattermost/mattermost-server/v6","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost-server/v6"},"ranges":[{"type":"SEMVER","events":[{"introduced":"7.10.0"},{"fixed":"7.10.1"}]}],"versions":["7.10.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-455c-vqrf-mghr/GHSA-455c-vqrf-mghr.json"}},{"package":{"name":"github.com/mattermost/mattermost-server/v6","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost-server/v6"},"ranges":[{"type":"SEMVER","events":[{"introduced":"7.9.0"},{"fixed":"7.9.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-455c-vqrf-mghr/GHSA-455c-vqrf-mghr.json"}},{"package":{"name":"github.com/mattermost/mattermost-server/v6","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost-server/v6"},"ranges":[{"type":"SEMVER","events":[{"introduced":"6.0.0"},{"fixed":"7.8.5"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-455c-vqrf-mghr/GHSA-455c-vqrf-mghr.json"}},{"pac
kage":{"name":"github.com/mattermost/mattermost-server/v6","ecosystem":"Go","purl":"pkg:golang/github.com/mattermost/mattermost-server/v6"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"6.0.0-20230511130429-1629a6ca7fed"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-455c-vqrf-mghr/GHSA-455c-vqrf-mghr.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}