Lucene search

K
osvGoogleOSV:GO-2024-3020
HistoryAug 06, 2024 - 10:40 p.m.

Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server

2024-08-0622:40:50
Google
osv.dev
6
mattermost
remote actor
data deletion
github
error handling

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

16.8%

Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

16.8%