Mattermost Server up to 5.7.x Attachment permission assignment

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in Mattermost Server up to 5.7.x. Affected is an unknown code of the component Attachment Handler. Upgrading to version 5.8.0 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1056118310/25/2020VulD...confirm_urlhttps://mattermost.com/security-updates/cve.mitre.org10/25/2020accepted70
1018738806/20/2020VulD...cve_nvd_summaryAn issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.mitre.org06/20/2020accepted100
1018738706/20/2020VulD...cve_assigned1592524800mitre.org06/20/2020accepted100
1018738006/20/2020VulD...cvss3_nvd_aNnist.gov06/20/2020accepted100
1018737906/20/2020VulD...cvss3_nvd_iLnist.gov06/20/2020accepted100
1018737806/20/2020VulD...cvss3_nvd_cNnist.gov06/20/2020accepted100
1018737706/20/2020VulD...cvss3_nvd_sUnist.gov06/20/2020accepted100
1018737606/20/2020VulD...cvss3_nvd_uiNnist.gov06/20/2020accepted100
1018737506/20/2020VulD...cvss3_nvd_prNnist.gov06/20/2020accepted100
1018737406/20/2020VulD...cvss3_nvd_acLnist.gov06/20/2020accepted100
1018737306/20/2020VulD...cvss3_nvd_avNnist.gov06/20/2020accepted100
1018736006/20/2020VulD...cvss2_nvd_aiNnist.gov06/20/2020accepted100
1018735906/20/2020VulD...cvss2_nvd_iiPnist.gov06/20/2020accepted100
1018735806/20/2020VulD...cvss2_nvd_ciNnist.gov06/20/2020accepted100
1018735706/20/2020VulD...cvss2_nvd_auNnist.gov06/20/2020accepted100
1018735606/20/2020VulD...cvss2_nvd_acLnist.gov06/20/2020accepted100
1018735506/20/2020VulD...cvss2_nvd_avNnist.gov06/20/2020accepted100
1018734506/20/2020VulD...cwe732 (privilege escalation)06/20/2020accepted100
1018739706/20/2020VulD...cvss3_nvd_basescore5.3nist.gov06/20/2020accepted90
1018739606/20/2020VulD...cvss3_vuldb_rcX06/20/2020accepted90

Might our Artificial Intelligence support you?

Check our Alexa App!