Veracode Vulnerability Database: VERACODE:45723
History: Mar 01, 2024 - 12:48 p.m.

Improper Access Control

2024-03-01 12:48:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
access control
mattermost
ad/ldap

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

github.com/mattermost/mattermost/ is vulnerable to Improper Access Control. The vulnerability is due to inadequate authorization checks on requests that fetch the AD/LDAP groups associated with a team. This enables users to retrieve details of AD/LDAP groups from teams they are not part of.
