Lucene search
GoogleOSV:GHSA-6XJJ-V76V-FWPJHistoryAug 11, 2023 - 9:30 a.m.
Mattermost does not validate requesting user permissions before updating admin details
2023-08-1109:30:36
Google
osv.dev
6
mattermost
security
validation
permissions
admin
update
user manager
6.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
0.0005 Low
EPSS
Percentile
16.0%
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin’s details such as email, first name and last name.
Related
cve
cve
CVE-2023-4107
2023-08-11 07:15:09
osv
osv
CVE-2023-4107
2023-08-11 07:15:09
nvd
nvd
CVE-2023-4107
2023-08-11 07:15:09
github
github
prion
prion
Code injection
2023-08-11 07:15:00
veracode
veracode
Incorrect Authorization
2023-08-15 02:55:13
cvelist
cvelist
nessus
nessus
6.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
0.0005 Low
EPSS
Percentile
16.0%
Related for OSV:GHSA-6XJJ-V76V-FWPJ