Improper Access Control

2024-03-0111:07:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

access control

compliance

settings

non-members

audit

attackers

sensitive information

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

github.com/mattermost/mattermost/ is vulnerable to Improper Access Control. The vulnerability is due to a failure to check compliance export settings, allowing non-members to fetch posts without being audited. Attackers can exploit this to access sensitive information without detection.

CPENameOperatorVersion
github.com/mattermost/mattermostlev9.3.1-rc2
github.com/mattermost/mattermostlev8.1.8
github.com/mattermost/mattermostle9.2.4
github.com/mattermost/mattermostlev9.3.1-rc2
github.com/mattermost/mattermostlev8.1.8
github.com/mattermost/mattermostle9.2.4

Name	Operator	Version
github.com/mattermost/mattermost	le	v9.3.1-rc2
github.com/mattermost/mattermost	le	v8.1.8
github.com/mattermost/mattermost	le	9.2.4
github.com/mattermost/mattermost	le	v9.3.1-rc2
github.com/mattermost/mattermost	le	v8.1.8
github.com/mattermost/mattermost	le	9.2.4