Lucene search

GitHub Advisory DatabaseGHSA-XP9J-8P68-9Q93

HistoryApr 05, 2024 - 9:30 a.m.

Mattermost Server Improper Access Control

2024-04-0509:30:38

CWE-284

GitHub Advisory Database

github.com

mattermost

server

access control

security flaw

channel

active call

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

Affected configurations

Vulners

Node

github.com\/mattermost\/mattermostserverRange<8.1.11

CPENameOperatorVersion
github.com/mattermost/mattermost/server/v8lt8.1.11

CPE	Name	Operator	Version
	github.com/mattermost/mattermost/server/v8	lt	8.1.11

References

github.com/advisories/GHSA-xp9j-8p68-9q93

mattermost.com/security-updates

nvd.nist.gov/vuln/detail/CVE-2024-21848

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for GHSA-XP9J-8P68-9Q93