Описание
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.
Пакеты
Пакет | Статус | Версия исправления | Релиз | Тип |
---|---|---|---|---|
mattermost-server | itp | package |
EPSS
Процентиль: 7%
0.00032
Низкий
Связанные уязвимости
CVSS3: 6.5
nvd
около 1 месяца назад
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.
CVSS3: 6.5
github
около 1 месяца назад
Mattermost Missing Authentication for Critical Function
EPSS
Процентиль: 7%
0.00032
Низкий