Description
Mattermost Server is vulnerable to Path Traversal when files are stored locally
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-18876
- https://github.com/mattermost/mattermost/commit/6be8113eb60cf5ddd2dc1c3f4db05cae0c183086
- https://github.com/mattermost/mattermost/commit/6d3cb2ce07fc799832081e93843b405b390057fa
- https://github.com/mattermost/mattermost/commit/fadd9514f6e71590aba781a7035e1de4150137b0
- https://mattermost.com/security-updates
Packages
- github.com/mattermost/mattermost-server
  Affected: < 4.1.2-0.20171004201910-6be8113eb60c
  Fixed: 4.1.2-0.20171004201910-6be8113eb60c
- github.com/mattermost/mattermost-server
  Affected: >= 4.2.0-rc1.0.20171004154238-fadd9514f6e7, < 4.2.1-0.20171004194140-6d3cb2ce07fc
  Fixed: 4.2.1-0.20171004194140-6d3cb2ce07fc
- github.com/mattermost/mattermost-server
  Affected: >= 4.3.0-rc1, < 4.3.0
  Fixed: 4.3.0