Lucene search

GoogleOSV:GHSA-W88V-PJR8-CMV2

HistoryJan 02, 2024 - 12:30 p.m.

Mattermost viewing archived public channels permissions vulnerability

2024-01-0212:30:18

Google

osv.dev

mattermost

permissions

vulnerability

public channels

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

14.0%

JSON

Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.

References

github.com/mattermost/mattermost

mattermost.com/security-updates

nvd.nist.gov/vuln/detail/CVE-2023-47858

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

Percentile

14.0%

JSON

Related for OSV:GHSA-W88V-PJR8-CMV2