CVE-2022-1003
18.03.2022, 18:15
One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect permissions, which allows system administrators to combine two distinct privileges/capabilities in a way that lets them override certain restricted configurations such as EnableUploads.
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost | 𝑥 < 6.4.0 |

𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-268 - Privilege Chaining: Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.