Lucene search

Veracode Vulnerability DatabaseVERACODE:44923

HistoryJan 03, 2024 - 9:09 a.m.

Insufficient Authorization

2024-01-0309:09:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

insufficient authorization

websocket

broadcast vulnerability

channel.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

14.0%

JSON

github.com/mattermost/mattermost/ is vulnerable to Insufficient Authorization. The vulnerability is caused due to insufficient scoping of WebSocket responses to authorised users, resulting in Websocket responses being broadcasted to everyone in the channel.

References

github.com/mattermost/mattermost/commit/851515be222160bee0a495c0d411056b19ed4111

mattermost.com/security-updates

mattermost.com/security-updates/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for VERACODE:44923