Description
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 5.1.1 (excluding)
One of
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:5.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:5.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:5.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:5.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:5.2.0:rc5:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:5.2.0:rc6:*:*:*:*:*:*
EPSS
Percentile: 61%
0.00408
Low
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 9.8
debian
more than 5 years ago
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Aut ...
github
more than 3 years ago
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.