Veracode Vulnerability Database: VERACODE:44426
Nov 28, 2023 - 9:53 a.m.

Improper Access Control

2023-11-28 09:53:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
improper access control
incorrect authorization
guest user
information disclosure
mattermost software

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.0%)

github.com/mattermost/mattermost is vulnerable to Improper Access Control. The vulnerability is caused by incorrect authorization in the /plugins/focalboard/api/v2/users endpoint. An attacker who is a guest user and knows the ID of another user can retrieve that user's information (e.g. name, surname, nickname) via Mattermost Boards.
