One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates/ |
History
Fri, 06 Dec 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-04-13T17:06:03
Updated: 2024-12-06T23:09:44.384Z
Reserved: 2022-04-13T00:00:00
Link: CVE-2022-1332
Vulnrichment
Updated: 2024-08-03T00:03:05.448Z
NVD
Status : Modified
Published: 2022-04-13T18:15:09.780
Modified: 2024-11-21T06:40:30.443
Link: CVE-2022-1332
Redhat
No data.