BIT-mattermost-2022-1332

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2022-1332.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-mattermost-2022-1332

Aliases

Published

2024-03-06T11:04:28.103Z

Modified

2024-08-21T15:27:41.964074Z

Summary

[none]

Details

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.

Database specific

{
    "cpes": [
        "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://mattermost.com/security-updates/

Affected packages

Bitnami / mattermost

Package

Name: mattermost
Purl: pkg:bitnami/mattermost

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

5.37.0

Fixed

5.37.9

Introduced

6.2.0

Fixed

6.2.5

Introduced

6.3.0

Fixed

6.3.5

Introduced

6.4.0

Fixed

6.4.2