CVE-2022-1003

2022-03-1818:15:12

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.

CPENameOperatorVersion
mattermosteq3.7.3
mattermosteq4.10.0-rc4
mattermosteq5.1.0-rc2
mattermosteq5.1.0-rc4
mattermosteq5.3.0-rc1
mattermosteq1.1.1
mattermosteq4.7.2-rc3
mattermosteq3.0.0
mattermosteq4.5.2
mattermosteq3.0.1

Name	Operator	Version
mattermost	eq	3.7.3
mattermost	eq	4.10.0-rc4
mattermost	eq	5.1.0-rc2
mattermost	eq	5.1.0-rc4
mattermost	eq	5.3.0-rc1
mattermost	eq	1.1.1
mattermost	eq	4.7.2-rc3
mattermost	eq	3.0.0
mattermost	eq	4.5.2
mattermost	eq	3.0.1

Rows per page:

1-10 of 1241

References

mattermost.com/security-updates/