Mattermost Server up to 5.0 Access Restriction Command permission assignment

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in Mattermost Server up to 5.0. Affected by this vulnerability is some unknown processing of the component Access Restriction. Upgrading to version 5.1 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1056153010/26/2020VulD...confirm_urlhttps://mattermost.com/security-updates/cve.mitre.org10/26/2020accepted70
1018942006/21/2020VulD...cve_nvd_summaryAn issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.mitre.org06/21/2020accepted100
1018941906/21/2020VulD...cve_assigned1592524800mitre.org06/21/2020accepted100
1018941206/21/2020VulD...cvss3_nvd_aNnist.gov06/21/2020accepted100
1018941106/21/2020VulD...cvss3_nvd_iLnist.gov06/21/2020accepted100
1018941006/21/2020VulD...cvss3_nvd_cNnist.gov06/21/2020accepted100
1018940906/21/2020VulD...cvss3_nvd_sUnist.gov06/21/2020accepted100
1018940806/21/2020VulD...cvss3_nvd_uiNnist.gov06/21/2020accepted100
1018940706/21/2020VulD...cvss3_nvd_prLnist.gov06/21/2020accepted100
1018940606/21/2020VulD...cvss3_nvd_acLnist.gov06/21/2020accepted100
1018940506/21/2020VulD...cvss3_nvd_avNnist.gov06/21/2020accepted100
1018939206/21/2020VulD...cvss2_nvd_aiNnist.gov06/21/2020accepted100
1018939106/21/2020VulD...cvss2_nvd_iiPnist.gov06/21/2020accepted100
1018939006/21/2020VulD...cvss2_nvd_ciNnist.gov06/21/2020accepted100
1018938906/21/2020VulD...cvss2_nvd_auSnist.gov06/21/2020accepted100
1018938806/21/2020VulD...cvss2_nvd_acLnist.gov06/21/2020accepted100
1018938706/21/2020VulD...cvss2_nvd_avNnist.gov06/21/2020accepted100
1018937706/21/2020VulD...cwe732 (privilege escalation)06/21/2020accepted100
1018942906/21/2020VulD...cvss3_nvd_basescore4.3nist.gov06/21/2020accepted90
1018942806/21/2020VulD...cvss3_vuldb_rcX06/21/2020accepted90

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!