Описание
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.
EPSS
Процентиль: 7%
0.00032
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 6.5
debian
около 1 месяца назад
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7 ...
CVSS3: 6.5
github
около 1 месяца назад
Mattermost Missing Authentication for Critical Function
EPSS
Процентиль: 7%
0.00032
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-306