Improper Privilege Management in Mattermost

GHSA-qggc-pj29-j27m · BIT-mattermost-2022-1332 · CVE-2022-1332 · GO-2022-0616

Published Apr 14, 2022 · Modified Aug 21, 2024

Description

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. Per the Mattermost security updates page, versions 6.4.2, 6.3.5, 6.2.5, and 5.37.9 contain patches for this issue

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-1332
PACKAGE https://github.com/mattermost/mattermost-server
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes