Description
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 9.5.0 (inclusive) to 9.5.9 (exclusive)
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
EPSS
Percentile: 42%
0.00204
Low
CVSS3: 3.1 Low
CVSS3: 4.3 Medium
Weaknesses
CWE-284
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 3.1
debian
more than 1 year ago
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access t ...
CVSS3: 3.1
github
more than 1 year ago
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.