Lucene search

Veracode Vulnerability DatabaseVERACODE:48435

HistoryAug 09, 2024 - 11:26 a.m.

Incorrect Error Handling

2024-08-0911:26:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerable

incorrect error handling

error handling

local data

share channels

mattermost-server

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

github.com/mattermost/mattermost-server is vulnerable to Incorrect Error Handling. The vulnerability is caused due to a failure to properly safeguard an error handling. This allows an attacker to permanently delete local data by abusing dangerous error handling, when share channels were enabled.

References

github.com/advisories/GHSA-762m-4cx6-6mf4

mattermost.com/security-updates

mattermost.com/security-updates/

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

Related for VERACODE:48435