Lucene search

GoogleOSV:GO-2024-2593

HistoryJun 28, 2024 - 3:28 p.m.

Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

2024-06-2815:28:53

Google

osv.dev

mattermost

invite_guest

permission

vulnerability

mattermost-server

software

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

JSON

Mattermost fails to check the “invite_guest” permission in github.com/mattermost/mattermost-server.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.1.9.

References

github.com/advisories/GHSA-pfw6-5rx3-xh3c

mattermost.com/security-updates

nvd.nist.gov/vuln/detail/CVE-2024-1888

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4.4

Confidence

High

JSON

Related for OSV:GO-2024-2593