Vulnerability DatabaseCVE-2023-6459

CVE-2023-6459:
Chainguard vulnerability analysis and mitigation

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

5.3

Score

Published December 6, 2023

Severity MEDIUM

CNA Score 5.3

Affected Technologies

Chainguard

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 65

Exploitation Probability (EPSS) 0.5

Affected packages and libraries

github.com/mattermost/mattermost
github.com/mattermost/mattermost-server

Sources

NVD
Chainguard
- Chainguard Has FixAdded at: May 04, 2025
GitHub Advisory Database
- GoLang Severity MEDIUMHas FixAdded at: Dec 10, 2023

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Chainguard vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-23884	HIGH	7.7	Wolfi	freerdp-libs	No	Yes	Jan 19, 2026
CVE-2026-23883	HIGH	7.7	Wolfi	freerdp	No	Yes	Jan 19, 2026
CVE-2026-23732	MEDIUM	5.5	Wolfi	freerdp	No	Yes	Jan 19, 2026
CVE-2026-23849	MEDIUM	5.3	Wolfi	github.com/filebrowser/filebrowser/v2	No	Yes	Jan 19, 2026
CVE-2025-15281	N/A	N/A	Wolfi	glibc-langpack-anp	No	Yes	Jan 20, 2026