Описание
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mattermost-server | itp | package |
EPSS
Процентиль: 3%
0.00017
Низкий
Связанные уязвимости
CVSS3: 3.1
nvd
5 месяцев назад
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration
CVSS3: 3.1
github
5 месяцев назад
Mattermost boards plugin fails to restrict download access to files
EPSS
Процентиль: 3%
0.00017
Низкий