Mattermost Server < 8.1.9 / 9.2.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.4.2, 9.5.0 Multiple Vulnerabilities (MMSA-2023-00285)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(191689);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2024-1887", "CVE-2024-23488");
  script_xref(name:"IAVA", value:"2024-A-0127-S");

  script_name(english:"Mattermost Server < 8.1.9 / 9.2.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.4.2, 9.5.0 Multiple Vulnerabilities (MMSA-2023-00285)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Mattermost Server installed on the remote host is prior to 8.1.9, 9.2.5, 9.3.1, or 9.4.2, 9.5.0. It is,
therefore, affected by multiple vulnerabilities as referenced in the MMSA-2023-00285 advisory.

  - Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing
    a user that is not a member of the public channel to fetch the posts, which will not be audited in the
    compliance export. (CVE-2024-1887)

  - Mattermost fails to properly restrict the access of files attached to posts in an archived channel,
    resulting in members being able to access files of archived channels even if the Allow users to view
    archived channels option is disabled. (CVE-2024-23488)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mattermost.com/security-updates/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mattermost Server version 8.1.9 / 9.2.5 / 9.3.1 / 9.4.2, 9.5.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-1887");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mattermost:mattermost_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mattermost_server_detect.nbin");
  script_require_keys("installed_sw/Mattermost Server");

  exit(0);
}

include('vcf.inc');
include('http.inc');

var port = get_http_port(default:80);

var app_info = vcf::get_app_info(app:'Mattermost Server', port:port, webapp:TRUE);

var constraints = [
  { 'min_version' : '0.0', 'fixed_version' : '8.1.9' },
  { 'min_version' : '9.2.0', 'fixed_version' : '9.2.5' },
  { 'min_version' : '9.3.0', 'fixed_version' : '9.3.1' },
  { 'min_version' : '9.4.0', 'fixed_version' : '9.4.2', 'fixed_display' : '9.4.2, 9.5.0' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);