Mattermost Server bis 5.0 Access Restriction Command erweiterte Rechte

eintrageditHistoryDiffjsonxmlCTI

In Mattermost Server bis 5.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Komponente Access Restriction. Ein Aktualisieren auf die Version 5.1 vermag dieses Problem zu lösen.

Feld21.06.2020 09:2121.06.2020 09:2626.10.2020 07:38
nameMattermost ServerMattermost ServerMattermost Server
version<=5.0<=5.0<=5.0
componentAccess RestrictionAccess RestrictionAccess Restriction
input_typeCommandCommandCommand
risk222
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.75.75.7
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auSSS
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore5.35.35.3
cvss3_meta_tempscore5.15.15.1
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.06.06.0
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
date1592524800 (19.06.2020)1592524800 (19.06.2020)1592524800 (19.06.2020)
urlhttps://mattermost.com/security-updates/https://mattermost.com/security-updates/https://mattermost.com/security-updates/
price_0day$0-$5k$0-$5k$0-$5k
nameUpgradeUpgradeUpgrade
upgrade_version5.15.15.1
cveCVE-2018-21256CVE-2018-21256CVE-2018-21256
seealso156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
cvss3_nvd_basescore4.34.34.3
cwe0732 (erweiterte Rechte)732 (erweiterte Rechte)
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iLL
cvss3_nvd_aNN
cve_assigned15925248001592524800
cve_nvd_summaryAn issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
confirm_urlhttps://mattermost.com/security-updates/

Do you know our Splunk app?

Download it now for free!