CVE-2023-6547

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 3.7

CVSS3: 5.4

EPSS Низкий

Описание

Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team.

Ссылки

https://mattermost.com/security-updates
Issue Tracking
Vendor Advisory
https://mattermost.com/security-updates
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Версия до 8.1.5 (включая)

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Версия от 9.2.0 (включая) до 9.2.1 (включая)

EPSS

Процентиль: 48%

0.00247

Низкий

3.7 Low

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

CVE-2023-6547

CVSS3: 3.7

debian

около 2 лет назад

Mattermost fails to validate team membership when a user attempts to a ...

GHSA-4gj5-jpg2-r4vj

CVSS3: 3.7

github

около 2 лет назад

EPSS

Процентиль: 48%

0.00247

Низкий

3.7 Low

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-284

NVD-CWE-Other