Описание
Mattermost does not validate requesting user permissions before updating admin details
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
Пакеты
Наименование
github.com/mattermost/mattermost-server/v6
go
Затронутые версииВерсия исправления
<= 7.8.7
7.8.8
Наименование
github.com/mattermost/mattermost-server/v6
go
Затронутые версииВерсия исправления
>= 7.9.0, <= 7.9.5
7.9.6
Наименование
github.com/mattermost/mattermost-server/v6
go
Затронутые версииВерсия исправления
>= 7.10.0, <= 7.10.3
7.10.4
Связанные уязвимости
CVSS3: 6.7
nvd
почти 2 года назад
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
CVSS3: 6.7
debian
почти 2 года назад
Mattermost fails to properly validate the requesting user permissions ...