Veracode Vulnerability Database: VERACODE:48625
History: Aug 29, 2024 - 5:34 a.m.

Path Traversal

sca.analysiscenter.veracode.com
Tags: path traversal, github mattermost, insufficient input sanitization, frontend, user-provided redirection paths, malicious links, unauthorized actions, mattermost system console, changing user roles, changing passwords, vulnerability

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score: 6.6
Confidence: Low

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization in the frontend for user-provided redirection paths. This allows attackers to craft malicious links that trick unsuspecting users into clicking on them, leading to unauthorized actions within the Mattermost system console, such as changing user roles or passwords.
