Lucene search

Veracode Vulnerability DatabaseVERACODE:44920

HistoryJan 03, 2024 - 7:10 a.m.

Improper Authorization

2024-01-0307:10:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mattermost

vulnerability

improper permission validation

archived public channels

team member

get call

endpoint

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

14.0%

JSON

github.com/mattermost/mattermost is vulnerable to Improper Authorization. The vulnerability is caused due to improper permission validation while a user views archived public channels. One member of a team can view a channel of another team member via GET call to the /api/v4/teams//channels/deleted endpoint.

References

github.com/mattermost/mattermost/commit/6494fc712419d34ea44c8887981a7554e25c1eb6

github.com/mattermost/mattermost/commit/9ccda46b85770d6c9af366893cbd3234f77489b8

github.com/mattermost/mattermost/commit/9e52296cfb7c8eaf0b24e39a2ecea4bf58facd60

github.com/mattermost/mattermost/commit/e073aaa00cbe06f64f1998191518600749923e0c

mattermost.com/security-updates

mattermost.com/security-updates/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for VERACODE:44920