Описание
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mattermost-server | itp | package |
EPSS
Процентиль: 40%
0.00177
Низкий
Связанные уязвимости
CVSS3: 4.3
nvd
больше 1 года назад
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.
CVSS3: 4.3
github
больше 1 года назад
Mattermost Improper Access Control vulnerability
EPSS
Процентиль: 40%
0.00177
Низкий