Unrated severity · NVD Advisory · Published Mar 18, 2022 · Updated Dec 6, 2024
Sysadmin can override existing configs & bypass restrictions like EnableUploads
CVE-2022-1003
Description
One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect permissions, which allows system administrators to combine two distinct privileges/capabilities in a way that lets them override certain restricted configurations such as EnableUploads.
Affected products
- (no CPE) range: <=6.3.0
- (no CPE) range: unspecified
References
- mattermost.com/security-updates/ (mitre, x_refsource_MISC)