Описание
Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.
A flaw was found in Mattermost. In certain versions, Mattermost fails to enforce invite permissions, which allows team admins with no permissions to invite users to their team by updating the "allow_open_invite" field via making their team public.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-central-db-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-main-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-rhel8-operator | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-roxctl-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-db-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-rhel8 | Not affected | ||
| Red Hat Ceph Storage 5 | rhceph/rhceph-5-dashboard-rhel8 | Not affected | ||
| Red Hat Ceph Storage 6 | rhceph/rhceph-6-dashboard-rhel9 | Not affected | ||
| Red Hat Ceph Storage 8 | rhceph/grafana-rhel9 | Not affected |
Показывать по
Дополнительная информация
Статус:
3.8 Low
CVSS3
Связанные уязвимости
Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.
Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permission ...
Mattermost Incorrect Authorization vulnerability
3.8 Low
CVSS3