GHSA-qggc-pj29-j27m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qggc-pj29-j27m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-qggc-pj29-j27m/GHSA-qggc-pj29-j27m.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-qggc-pj29-j27m
- Aliases
- Published
- 2022-04-14T00:00:17Z
- Modified
- 2024-08-21T15:27:41.964074Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Improper Privilege Management in Mattermost
- Details
-
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. Per the Mattermost security updates page, versions 6.4.2, 6.3.5, 6.2.5, and 5.37.9 contain patches for this issue
- Database specific
{ "nvd_published_at": "2022-04-13T18:15:00Z", "cwe_ids": [ "CWE-200", "CWE-269" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-04-22T21:05:32Z" }- References
Affected packages
Go / github.com/mattermost/mattermost-server/v6
Package
- Name
- github.com/mattermost/mattermost-server/v6
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost-server/v6
Go / github.com/mattermost/mattermost-server/v6
Package
- Name
- github.com/mattermost/mattermost-server/v6
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost-server/v6
Go / github.com/mattermost/mattermost-server/v6
Package
- Name
- github.com/mattermost/mattermost-server/v6
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost-server/v6
Go / github.com/mattermost/mattermost-server/v5
Package
- Name
- github.com/mattermost/mattermost-server/v5
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost-server/v5