Description
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and authorized user to install and exploit an old plugin version from the Marketplace that might have known vulnerabilities.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 6.5.0 (exclusive)
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
EPSS: 0.00326 (percentile: 55%, Low)
CVSS3: 4.7 Medium
CVSS3: 8.8 High
CVSS2: 6 Medium
Weaknesses
CWE-477
CWE-862
Related vulnerabilities
CVSS3: 4.7
debian
almost 4 years ago
Mattermost version 6.4.x and earlier fails to properly check the plugi ...