MattermostCVELIST:CVE-2022-1548CVE-2022-1548 Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.8%
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.
CNA Affected
[
{
"product": "Mattermost Playbooks",
"vendor": "Mattermost ",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "Playbooks",
"versionType": "custom"
}
]
}
]References
Related
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.8%