One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-03-18T18:00:21
Updated: 2024-08-02T23:47:43.283Z
Reserved: 2022-03-17T00:00:00
Link: CVE-2022-1003
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-18T18:15:12.127
Modified: 2022-03-29T16:10:31.333
Link: CVE-2022-1003
Redhat
No data.