Lucene search
GitHub Advisory DatabaseGHSA-6XJJ-V76V-FWPJHistoryAug 11, 2023 - 9:30 a.m.
Mattermost does not validate requesting user permissions before updating admin details
2023-08-1109:30:36
CWE-284
CWE-863
GitHub Advisory Database
github.com
4
mattermost
permission
update
admin
user manager
validation
security
6.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
0.0005 Low
EPSS
Percentile
16.0%
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin’s details such as email, first name and last name.
Affected configurations
Node
github.com\/mattermost\/mattermostserver\/v6Range≤7.10.3
ORgithub.com\/mattermost\/mattermostserver\/v6Range≤7.9.5
ORgithub.com\/mattermost\/mattermostserver\/v6Range≤7.8.7
Related
veracode
veracode
Incorrect Authorization
2023-08-15 02:55:13
cvelist
cvelist
cve
cve
CVE-2023-4107
2023-08-11 07:15:09
osv
osv
CVE-2023-4107
2023-08-11 07:15:09
nvd
nvd
CVE-2023-4107
2023-08-11 07:15:09
prion
prion
Code injection
2023-08-11 07:15:00
nessus
nessus
6.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
0.0005 Low
EPSS
Percentile
16.0%
Related for GHSA-6XJJ-V76V-FWPJ