Lucene search

K
osvGoogleOSV:GO-2024-3091
HistoryAug 30, 2024 - 5:18 p.m.

Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server

2024-08-3017:18:07
Google
osv.dev
4
mattermost
read-only access
write operations
teams
github
mattermost-server

CVSS3

6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

16.9%

Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server

CVSS3

6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

16.9%