Lucene search
GitHub Advisory DatabaseGHSA-9HWP-CJ7M-WJW4HistorySep 29, 2023 - 12:30 p.m.
Mattermost Incorrect Authorization vulnerability
2023-09-2912:30:16
CWE-863
GitHub Advisory Database
github.com
9
mattermost
authorization
vulnerability
soft delete
team member
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.3%
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
Affected configurations
Node
github.com\/mattermost\/mattermostserver\/v6Range<7.8.10
ORgithub.com\/mattermost\/mattermostserverRange<8.0.2
ORgithub.com\/mattermost\/mattermostserverMatch8.1.0
Related
veracode
veracode
Incorrect Authorization
2023-10-10 07:53:12
nvd
nvd
CVE-2023-5195
2023-09-29 10:15:10
prion
prion
Code injection
2023-09-29 10:15:00
cve
cve
CVE-2023-5195
2023-09-29 10:15:10
osv
osv
Mattermost Incorrect Authorization vulnerability
2023-09-29 12:30:16
CVE-2023-5195
2023-09-29 10:15:10
cvelist
cvelist
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.3%
Related for GHSA-9HWP-CJ7M-WJW4