GHSA-9w97-9rqx-8v4j

Опубликовано: 02 янв. 2024

Источник: github

Github: Прошло ревью

CVSS4: 2.1

CVSS3: 3.7

Описание

Mattermost allows demoted guests to change group names

Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names.

Ссылки

Пакеты

Наименование

github.com/mattermost/mattermost/server/v8

Затронутые версииВерсия исправления

<= 8.1.6

8.1.7

EPSS

Процентиль: 19%

0.0006

Низкий

2.1 Low

CVSS4

3.7 Low

CVSS3

CVE ID

CVE-2023-50333

Дефекты

CWE-284

Связанные уязвимости

CVE-2023-50333

CVSS3: 3.7

nvd

около 2 лет назад

Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names.

CVE-2023-50333

CVSS3: 3.7

debian

около 2 лет назад

Mattermost fails to update the permissions of the current session for ...

EPSS

Процентиль: 19%

0.0006

Низкий

2.1 Low

CVSS4

3.7 Low

CVSS3

CVE ID

CVE-2023-50333

Дефекты

CWE-284