CVE-2023-7113: 
Chainguard vulnerability analysis and mitigation

Mattermost version 8.1.6 and earlier contains a security vulnerability identified as CVE-2023-7113, which was disclosed on December 29, 2023. The vulnerability affects the Mattermost server software and involves a failure to properly sanitize channel mention data in posts (NVD).

The vulnerability is classified as a Cross-site Scripting (XSS) issue (CWE-79) that allows attackers to inject markup in the web client. The vulnerability has received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Mattermost assigned it a score of 3.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N (NVD).

If exploited, this vulnerability could allow attackers to inject malicious markup into the web client through unsanitized channel mention data, potentially leading to cross-site scripting attacks. The impact includes low-level confidentiality and integrity breaches, with no direct impact on system availability (NVD).

The vulnerability has been fixed in Mattermost version 8.1.7. Users running affected versions should upgrade to version 8.1.7 or later to mitigate this security risk (NVD).