Moderate severityNVD Advisory· Published Apr 13, 2022· Updated Dec 6, 2024
Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents
CVE-2022-1332
Description
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/mattermost/mattermost-server/v6Go | >= 6.4.0, < 6.4.2 | 6.4.2 |
github.com/mattermost/mattermost-server/v6Go | >= 6.3.0, < 6.3.5 | 6.3.5 |
github.com/mattermost/mattermost-server/v6Go | >= 6.0.0, < 6.2.5 | 6.2.5 |
github.com/mattermost/mattermost-server/v5Go | < 5.37.9 | 5.37.9 |
Affected products
4- osv-coords3 versionspkg:bitnami/mattermostpkg:golang/github.com/mattermost/mattermost-server/v5pkg:golang/github.com/mattermost/mattermost-server/v6
>= 5.37.0, < 5.37.9+ 2 more
- (no CPE)range: >= 5.37.0, < 5.37.9
- (no CPE)range: < 5.37.9
- (no CPE)range: >= 6.4.0, < 6.4.2
- Range: 6.4
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-qggc-pj29-j27mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-1332ghsaADVISORY
- mattermost.com/security-updatesghsaWEB
- mattermost.com/security-updates/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.