Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03Z2djLTVyODQteGY1NM4AAtZZ
Mattermost users could access some sensitive information via API call
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.
Permalink: https://github.com/advisories/GHSA-7ggc-5r84-xf54JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03Z2djLTVyODQteGY1NM4AAtZZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-7ggc-5r84-xf54, CVE-2022-2401
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-2401
- https://mattermost.com/security-updates/
- https://github.com/advisories/GHSA-7ggc-5r84-xf54
Affected Packages
go:github.com/mattermost/mattermost-server/v6
Dependent packages: 111Dependent repositories: 168
Downloads:
Affected Version Ranges: = 6.7.0, >= 6.6.0, < 6.6.2, >= 6.4.0, < 6.5.2, < 6.3.9
Fixed in: 6.7.1, 6.6.2, 6.5.2, 6.3.9
All affected versions: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.7.0
All unaffected versions: 6.3.9, 6.3.10, 6.5.2, 6.6.2, 6.7.1, 6.7.2