Veracode Vulnerability Database: VERACODE:47906
History: Jul 04, 2024 - 8:46 a.m.

Information Disclosure

2024-07-04 08:46:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: github, mattermost, server, vulnerability, information disclosure, unsanitized payloads, audit logging, message contents

CVSS3: 2.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.6
Confidence: High

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to Mattermost failing to sanitize the RemoteClusterFrame payloads before audit logging them. Attackers with access to the audit logs can exploit this to read message contents.
