CVE-2022-1332

Name of the Vulnerable Software and Affected Versions Mattermost versions 6.4.1 and earlier

Description The issue is related to improper privilege management in Mattermost, where an API fails to properly protect permissions. This allows authenticated members with restricted custom admin roles to bypass restrictions and view sensitive information, including server logs and the contents of the server config.json file.

Recommendations For Mattermost versions 6.4.1 and earlier, update to version 6.4.2, 6.3.5, 6.2.5, or 5.37.9 to resolve the issue. As a temporary workaround, consider restricting access to the API endpoint responsible for permissions management until a patch is applied. Additionally, review and restrict custom admin roles to minimize the risk of exploitation.