Описание
Mattermost Server has Improper Authorization for Integration Requests
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-18916
- https://github.com/mattermost/mattermost/commit/0968e4079e0aa670254f3fe3a7248d126e3cf877
- https://github.com/mattermost/mattermost/commit/b74e85653660525d351d090a1e1874ae933bcbc8
- https://github.com/mattermost/mattermost/commit/fb325cc339eb8d8efb60dbadc48fd38897201c6f
- https://mattermost.com/security-updates
Пакеты
Наименование
github.com/mattermost/mattermost-server
go
Затронутые версииВерсия исправления
< 3.6.7-0.20170420152529-0968e4079e0a
3.6.7-0.20170420152529-0968e4079e0a
Наименование
github.com/mattermost/mattermost-server
go
Затронутые версииВерсия исправления
>= 3.7.0, < 3.7.5
3.7.5
Наименование
github.com/mattermost/mattermost-server
go
Затронутые версииВерсия исправления
>= 3.8.0, < 3.8.2
3.8.2
Связанные уязвимости
CVSS3: 5.3
nvd
больше 5 лет назад
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
CVSS3: 5.3
debian
больше 5 лет назад
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...