Lucene search
PRIOn knowledge basePRION:CVE-2022-2408HistoryJul 14, 2022 - 6:15 p.m.
Design/Logic Flaw
2022-07-1418:15:00
PRIOn knowledge base
www.prio-n.com
6
design flaw
logic flaw
guest account
mattermost v6.7.0
permission restriction
The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mattermost | ge | 6.4.0 | |
| mattermost | le | 6.5.1 | |
| mattermost | lt | 6.3.8 | |
| mattermost | eq | 6.6.1 | |
| mattermost | eq | 6.6.0 | |
| mattermost | eq | 6.7.0 |
References
Related
cnvd
cnvd
Mattermost has an unspecified vulnerability (CNVD-2022-65346)
2022-07-18 00:00:00
cve
cve
CVE-2022-2408
2022-07-14 18:15:08
osv
osv
CVE-2022-2408
2022-07-14 18:15:08
cvelist
cvelist
CVE-2022-2408 Guest accounts can list all public channels
2022-07-14 17:25:20
nvd
nvd
CVE-2022-2408
2022-07-14 18:15:08