Mattermost Server fino 5.0 Access Restriction Command escalazione di privilegi

voceeditHistoryDiffjsonxmlCTI

È stata rilevata una vulnerabilità di livello critico in Mattermost Server fino 5.0. É interessato una funzione sconosciuta del componente Access Restriction. L'aggiornamento alla versione 5.1 elimina questa vulnerabilità.

Campo	21/06/2020 09:21 AM	21/06/2020 09:26 AM	26/10/2020 07:38 AM
name	Mattermost Server	Mattermost Server	Mattermost Server
version	<=5.0	<=5.0	<=5.0
component	Access Restriction	Access Restriction	Access Restriction
input_type	Command	Command	Command
risk	2	2	2
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7	5.7
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	5.1	5.1	5.1
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
date	1592524800 (19/06/2020)	1592524800 (19/06/2020)	1592524800 (19/06/2020)
url	https://mattermost.com/security-updates/	https://mattermost.com/security-updates/	https://mattermost.com/security-updates/
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Upgrade	Upgrade	Upgrade
upgrade_version	5.1	5.1	5.1
cve	CVE-2018-21256	CVE-2018-21256	CVE-2018-21256
seealso	156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985	156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985	156956 156957 156958 156959 156960 156961 156962 156963 156964 156965 156966 156967 156968 156969 156970 156971 156972 156973 156974 156975 156976 156977 156978 156979 156980 156981 156982 156983 156984 156985
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	X	X	X
cvss3_nvd_basescore	4.3	4.3	4.3
cwe	0	732 (escalazione di privilegi)	732 (escalazione di privilegi)
cvss2_nvd_av		N	N
cvss2_nvd_ac		L	L
cvss2_nvd_au		S	S
cvss2_nvd_ci		N	N
cvss2_nvd_ii		P	P
cvss2_nvd_ai		N	N
cvss3_nvd_av		N	N
cvss3_nvd_ac		L	L
cvss3_nvd_pr		L	L
cvss3_nvd_ui		N	N
cvss3_nvd_s		U	U
cvss3_nvd_c		N	N
cvss3_nvd_i		L	L
cvss3_nvd_a		N	N
cve_assigned		1592524800	1592524800
cve_nvd_summary		An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.	An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
confirm_url			https://mattermost.com/security-updates/

◂ Precedente Visione d'insieme Il prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!