PT-2022-16410 · Mattermost · Mattermost

Elias Nahum

Published

2022-07-14

Updated

2024-08-21

CVE-2022-2401

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mattermost versions 6.7.0 and earlier

Description The issue allows team members to access some sensitive information by directly accessing the APIs. This is an unrestricted information disclosure issue that affects all users.

Recommendations For Mattermost versions 6.7.0 and earlier, consider restricting access to sensitive APIs to minimize the risk of exploitation. As a temporary workaround, limit the ability of team members to directly access APIs that may disclose sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-MATTERMOST-2022-2401

CVE-2022-2401

GHSA-7GGC-5R84-XF54

GO-2022-0540

Affected Products

Mattermost

PT-2022-16410 · Mattermost · Mattermost

CVE-2022-2401

Weakness Enumeration

Related Identifiers

Affected Products

References · 10