Lucene search
Veracode Vulnerability DatabaseVERACODE:44921HistoryJan 03, 2024 - 7:45 a.m.
Improper Authorization
2024-01-0307:45:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
improper authorization
github
mattermost
updated permissions
active session
demoted guest
group names
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
14.0%
github.com/mattermost/mattermost/ is vulnerable to Improper Authorization. The vulnerability is caused when user receives updated permissions during active session. This freshly demoted guest can change group names.
Related
prion
prion
Design/Logic Flaw
2024-01-02 10:15:00
osv
osv
Mattermost allows demoted guests to change group names
2024-01-02 12:30:18
CGA-ww64-95f3-2pxc
2024-09-25 02:09:41
cvelist
cvelist
github
github
Mattermost allows demoted guests to change group names
2024-01-02 12:30:18
nvd
nvd
CVE-2023-50333
2024-01-02 10:15:08
cve
cve
CVE-2023-50333
2024-01-02 10:15:08
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
14.0%
Related for VERACODE:44921