Mattermost Server till 5.0 Access Restriction Command privilegier eskalering

inträdeeditHistoryDiffjsonxmlCTI

I Mattermost Server till 5.0 har en kritiskt svag punkt upptäckte. Som påverkar en okänd funktion av komponenten Access Restriction. En uppgradering till den version 5.1 att åtgärda problemet.

Tidslinje

Användare

Fält

Commit Conf

Approve Conf

IDEngageradAnvändareFältFörändraAnmärkningarModereradAnledningC
1056153026/10/2020VulD...confirm_urlhttps://mattermost.com/security-updates/cve.mitre.org26/10/2020accepterad70
1018942021/06/2020VulD...cve_nvd_summaryAn issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.mitre.org21/06/2020accepterad100
1018941921/06/2020VulD...cve_assigned1592524800mitre.org21/06/2020accepterad100
1018941221/06/2020VulD...cvss3_nvd_aNnist.gov21/06/2020accepterad100
1018941121/06/2020VulD...cvss3_nvd_iLnist.gov21/06/2020accepterad100
1018941021/06/2020VulD...cvss3_nvd_cNnist.gov21/06/2020accepterad100
1018940921/06/2020VulD...cvss3_nvd_sUnist.gov21/06/2020accepterad100
1018940821/06/2020VulD...cvss3_nvd_uiNnist.gov21/06/2020accepterad100
1018940721/06/2020VulD...cvss3_nvd_prLnist.gov21/06/2020accepterad100
1018940621/06/2020VulD...cvss3_nvd_acLnist.gov21/06/2020accepterad100
1018940521/06/2020VulD...cvss3_nvd_avNnist.gov21/06/2020accepterad100
1018939221/06/2020VulD...cvss2_nvd_aiNnist.gov21/06/2020accepterad100
1018939121/06/2020VulD...cvss2_nvd_iiPnist.gov21/06/2020accepterad100
1018939021/06/2020VulD...cvss2_nvd_ciNnist.gov21/06/2020accepterad100
1018938921/06/2020VulD...cvss2_nvd_auSnist.gov21/06/2020accepterad100
1018938821/06/2020VulD...cvss2_nvd_acLnist.gov21/06/2020accepterad100
1018938721/06/2020VulD...cvss2_nvd_avNnist.gov21/06/2020accepterad100
1018937721/06/2020VulD...cwe732 (privilegier eskalering)21/06/2020accepterad100
1018942921/06/2020VulD...cvss3_nvd_basescore4.3nist.gov21/06/2020accepterad90
1018942821/06/2020VulD...cvss3_vuldb_rcX21/06/2020accepterad90

Might our Artificial Intelligence support you?

Check our Alexa App!