Описание
Mattermost Fails to Check User Access to ExperimentalSettings
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console.
Пакеты
github.com/mattermost/mattermost/server/v8
>= 10.5.0, <= 10.5.2
10.5.3
github.com/mattermost/mattermost/server/v8
>= 9.11.0, <= 9.11.11
9.11.12
github.com/mattermost/mattermost/server/v8
< 8.0.0-20250411064244-844447fbd57c
8.0.0-20250411064244-844447fbd57c
Связанные уязвимости
Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.
Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check ...