CVE-2022-1332
13.04.2022, 18:15
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 5.37.0 ≤ 𝑥 < 5.37.9 |
| mattermost | mattermost_server | 6.2.0 ≤ 𝑥 < 6.2.5 |
| mattermost | mattermost_server | 6.3.0 ≤ 𝑥 < 6.3.5 |
| mattermost | mattermost_server | 6.4.0 ≤ 𝑥 < 6.4.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 6.4 ≤ 𝑥 < 6.4.2 | CNA |
| mattermost | mattermost | 6.3 ≤ 𝑥 < 6.3.5 | CNA |
| mattermost | mattermost | 6.2 ≤ 𝑥 < 6.2.5 | CNA |
| mattermost | mattermost | 5.37 ≤ 𝑥 < 5.37.9 | CNA |
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.