One of the APIs in Mattermost version 6.4.1 and earlier fails to properly enforce permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and the contents of the server config.json file.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-04-13T17:06:03
Updated: 2022-04-13T17:06:03
Reserved: 2022-04-13T00:00:00
Link: CVE-2022-1332
NVD Information
Status: Analyzed
Published: 2022-04-13T18:15:09.780
Modified: 2022-04-20T19:37:32.690
Link: CVE-2022-1332
Redhat Information
No data.