Vulnerability CVE-2022-1384


Published: 2022-04-19

Description:
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.

Type:

CWE-862

(Missing Authorization)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mattermost -> Mattermost server 

 References:
https://mattermost.com/security-updates/

Copyright 2024, cxsecurity.com

 

Back to Top