Mattermost Server till 5.7.x Attachment privilegier eskalering

inträdeeditHistoryDiffjsonxmlCTI

Det var en kritiskt svag punkt upptäcktes i Mattermost Server till 5.7.x. Som påverkar en okänd funktion av komponenten Attachment Handler. En uppgradering till den version 5.8.0 att åtgärda problemet.

Tidslinje

Användare

Fält

Commit Conf

Approve Conf

IDEngageradAnvändareFältFörändraAnmärkningarModereradAnledningC
1056118325/10/2020VulD...confirm_urlhttps://mattermost.com/security-updates/cve.mitre.org25/10/2020accepterad70
1018738820/06/2020VulD...cve_nvd_summaryAn issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.mitre.org20/06/2020accepterad100
1018738720/06/2020VulD...cve_assigned1592524800mitre.org20/06/2020accepterad100
1018738020/06/2020VulD...cvss3_nvd_aNnist.gov20/06/2020accepterad100
1018737920/06/2020VulD...cvss3_nvd_iLnist.gov20/06/2020accepterad100
1018737820/06/2020VulD...cvss3_nvd_cNnist.gov20/06/2020accepterad100
1018737720/06/2020VulD...cvss3_nvd_sUnist.gov20/06/2020accepterad100
1018737620/06/2020VulD...cvss3_nvd_uiNnist.gov20/06/2020accepterad100
1018737520/06/2020VulD...cvss3_nvd_prNnist.gov20/06/2020accepterad100
1018737420/06/2020VulD...cvss3_nvd_acLnist.gov20/06/2020accepterad100
1018737320/06/2020VulD...cvss3_nvd_avNnist.gov20/06/2020accepterad100
1018736020/06/2020VulD...cvss2_nvd_aiNnist.gov20/06/2020accepterad100
1018735920/06/2020VulD...cvss2_nvd_iiPnist.gov20/06/2020accepterad100
1018735820/06/2020VulD...cvss2_nvd_ciNnist.gov20/06/2020accepterad100
1018735720/06/2020VulD...cvss2_nvd_auNnist.gov20/06/2020accepterad100
1018735620/06/2020VulD...cvss2_nvd_acLnist.gov20/06/2020accepterad100
1018735520/06/2020VulD...cvss2_nvd_avNnist.gov20/06/2020accepterad100
1018734520/06/2020VulD...cwe732 (privilegier eskalering)20/06/2020accepterad100
1018739720/06/2020VulD...cvss3_nvd_basescore5.3nist.gov20/06/2020accepterad90
1018739620/06/2020VulD...cvss3_vuldb_rcX20/06/2020accepterad90

Do you want to use VulDB in your project?

Use the official API to access entries easily!