CVE-2022-1332

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1332
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1332.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1332
Aliases
Published
2022-04-13T18:15:09Z
Modified
2025-01-08T08:37:57.683103Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

One of the APIs in Mattermost version 6.4.1 and earlier fails to properly enforce permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and the contents of the server config.json file.

References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost
Events
Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events

Affected versions

v6.*

v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4