CVE-2021-37864

Users can view the contents of an archived channel when access is explicitly denied by the system admin

CVSS 2.6 LOW · EPSS 0.6% · CWE-284
Vexday Risk Score
8 Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 2.6 · EPSS 0.6% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
18 Jan 2022: Published in NVD
Recommendation: Monitor. No sign of exploitation for now.
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected products
Mattermost · Mattermost
