Lucene search

Veracode Vulnerability DatabaseVERACODE:44596

HistoryDec 07, 2023 - 12:19 p.m.

Information Disclosure

2023-12-0712:19:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mattermost

vulnerability

information disclosure

channel ids

metrics endpoint

sensitive information

unauthorized access

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Mattermost is vulnerable to Information Disclosure. The vulnerability is due to the exposure of channel IDs in the metrics endpoint response. This could allow an attacker to expose sensitive information that they are not explicitly authorized to have access to.

References

github.com/mattermost/mattermost/commit/b245d967c8c3d158a899c38166151254d6ee0d11

github.com/mattermost/mattermost/commit/f8f79e13ef11d5bd2527d21a1967bd37f46a0fae

mattermost.com/security-updates

mattermost.com/security-updates/#:~:text=Mattermost%20Server-,MMSA%2D2023%2D00250,-Low

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for VERACODE:44596