CVE-2022-2401 – github.com/mattermost/mattermost-server/v6
Package
Manager: go
Name: github.com/mattermost/mattermost-server/v6
Vulnerable Version: >=0 <6.3.9 || >=6.4.0 <6.5.2 || >=6.6.0 <6.6.2 || =6.7.0 || >=6.7.0 <6.7.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00326 (percentile: 0.54927)
Details
Mattermost users could access some sensitive information via API call

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.
Metadata
Created: 2022-07-15T00:00:16Z
Modified: 2022-07-21T22:35:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-7ggc-5r84-xf54/GHSA-7ggc-5r84-xf54.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-7ggc-5r84-xf54
Finding: F038
Auto approve: 1