Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-04-19T20:26:28
Updated: 2022-04-19T20:26:28
Reserved: 2022-04-18T00:00:00
Link: CVE-2022-1384
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-19T21:15:14.047
Modified: 2022-04-27T17:36:56.747
Link: CVE-2022-1384
JSON object: View
Redhat Information
No data.