4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to a failure to verify if the email signup configuration option is enabled when a user requests to switch from SAML to email, allowing users to switch their authentication method and potentially edit personal details provided by the SAML provider.
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%