VYPR
Unrated severityNVD Advisory· Published Mar 18, 2022· Updated Dec 6, 2024

Sysadmin can override existing configs & bypass restrictions like EnableUploads

CVE-2022-1003

Description

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mattermost/Mattermostllm-fuzzy2 versions
    <=6.3.0+ 1 more
    • (no CPE)range: <=6.3.0
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.