CVE-2022-1332

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1332
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1332.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1332
Aliases
Published
2022-04-13T18:15:09Z
Modified
2024-06-06T13:50:03.716112Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.

References

Affected packages

Git / github.com/mattermost/mattermost

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost
Events
Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events

Affected versions

v6.*

v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4