Lucene search

K
osvGoogleOSV:BIT-MATTERMOST-2023-6547
HistoryMar 06, 2024 - 10:56 a.m.

BIT-mattermost-2023-6547

2024-03-0610:56:43
Google
osv.dev
6
mattermost
unauthorized access
modification
playbooks

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.2%

Related for OSV:BIT-MATTERMOST-2023-6547