Mattermost Server à 5.0 Access Restriction Command elévation de privilèges

entréeeditHistoryDiffjsonxmlCTI

Une vulnérabilité qui a été classée critique a été trouvée dans Mattermost Server à 5.0. Ceci affecte une fonction inconnue du composant Access Restriction. Mettre à jour à la version 5.1 élimine cette vulnérabilité.

Domaine	21/06/2020 09:21 AM	21/06/2020 09:26 AM	26/10/2020 07:38 AM
name	Mattermost Server	Mattermost Server	Mattermost Server
version	<=5.0	<=5.0	<=5.0
component	Access Restriction	Access Restriction	Access Restriction
input_type	Command	Command	Command
risk	2	2	2
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7	5.7
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	5.1	5.1	5.1
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
date	1592524800 (19/06/2020)	1592524800 (19/06/2020)	1592524800 (19/06/2020)
url	https://mattermost.com/security-updates/	https://mattermost.com/security-updates/	https://mattermost.com/security-updates/
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Upgrade	Upgrade	Upgrade
upgrade_version	5.1	5.1	5.1
cve	CVE-2018-21256	CVE-2018-21256	CVE-2018-21256
seealso	156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985	156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985	156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	X	X	X
cvss3_nvd_basescore	4.3	4.3	4.3
cwe	0	732 (elévation de privilèges)	732 (elévation de privilèges)
cvss2_nvd_av		N	N
cvss2_nvd_ac		L	L
cvss2_nvd_au		S	S
cvss2_nvd_ci		N	N
cvss2_nvd_ii		P	P
cvss2_nvd_ai		N	N
cvss3_nvd_av		N	N
cvss3_nvd_ac		L	L
cvss3_nvd_pr		L	L
cvss3_nvd_ui		N	N
cvss3_nvd_s		U	U
cvss3_nvd_c		N	N
cvss3_nvd_i		L	L
cvss3_nvd_a		N	N
cve_assigned		1592524800	1592524800
cve_nvd_summary		An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.	An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
confirm_url			https://mattermost.com/security-updates/

◂ Précédent Aperçu Suivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!