CVE-2022-1332
Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Severity: MEDIUM (CVSS 3.1 base score 4.3); EPSS: 0.13%
Description
One of the APIs in Mattermost versions 6.4.1 and earlier fails to properly enforce permissions, which allows an authenticated member holding a restricted custom admin role to bypass that role's restrictions and read the server logs and the contents of the server's config.json file. The attacker needs a valid account in one of these roles (the CVSS vector below has PR:L) and the impact is confidentiality only, but config.json and the logs can carry secrets such as the database connection string and SMTP credentials, so treat any confirmed exposure as a credential-rotation event.
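The bug class in the description, as an added illustration that is not Mattermost's code: a coarse "is this caller some kind of admin?" check beside the per-endpoint permission check that closes the gap. The role names, permission names and endpoint paths are constructed stand-ins, not identifiers taken from the project or from this page.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission names one capability. These identifiers are illustrative
// stand-ins, not Mattermost's permission constants.
type Permission string

const (
	PermReadLogs    Permission = "read_logs"
	PermReadConfig  Permission = "read_config"
	PermManageUsers Permission = "manage_users"
)

// Role is a named bundle of permissions. A restricted custom admin role is
// just a role whose bundle is a strict subset of the system admin's.
type Role struct {
	Name  string
	Grant map[Permission]bool
}

// User is an authenticated caller with its assigned roles.
type User struct {
	Name  string
	Roles []Role
}

// Has reports whether any of the user's roles grants p.
func (u User) Has(p Permission) bool {
	for _, r := range u.Roles {
		if r.Grant[p] {
			return true
		}
	}
	return false
}

var ErrForbidden = errors.New("forbidden")

// adminRoles is the coarse allow-list the flawed check consults; the role
// names are assumed for the example. It lumps every admin-class role
// together, restricted custom ones included.
var adminRoles = map[string]bool{
	"system_admin":           true,
	"system_user_manager":    true,
	"system_read_only_admin": true,
}

// vulnerableAuthorize models the advisory's bug class: it asks "is the
// caller some kind of admin?" and ignores which permission the endpoint
// needs, so a user manager gets the logs and config.json too.
func vulnerableAuthorize(u User, _ Permission) error {
	for _, r := range u.Roles {
		if adminRoles[r.Name] {
			return nil
		}
	}
	return ErrForbidden
}

// fixedAuthorize checks the one permission the endpoint actually requires,
// so a custom admin role reaches only what it was explicitly granted.
func fixedAuthorize(u User, required Permission) error {
	if u.Has(required) {
		return nil
	}
	return ErrForbidden
}

// Endpoint ties a sensitive resource to the permission that unlocks it.
// The paths are assumed stand-ins for the two resources the advisory names.
type Endpoint struct {
	Path     string
	Requires Permission
}

var endpoints = []Endpoint{
	{Path: "/api/v4/logs", Requires: PermReadLogs},
	{Path: "/api/v4/config", Requires: PermReadConfig},
}

// Readable runs every endpoint through the given authorizer and returns
// the paths the caller was allowed to read.
func Readable(u User, authorize func(User, Permission) error) []string {
	var paths []string
	for _, e := range endpoints {
		if authorize(u, e.Requires) == nil {
			paths = append(paths, e.Path)
		}
	}
	return paths
}

func main() {
	// A restricted custom admin: may manage users and nothing else.
	userManager := User{Name: "alice", Roles: []Role{{
		Name:  "system_user_manager",
		Grant: map[Permission]bool{PermManageUsers: true},
	}}}
	fmt.Println("vulnerable check lets alice read:", Readable(userManager, vulnerableAuthorize))
	fmt.Println("fixed check lets alice read:", Readable(userManager, fixedAuthorize))
}
```

The point of the shape is that authorization lives next to the resource, keyed on the one permission that resource needs, so adding a new custom role can never widen what an endpoint exposes; a role-name allow-list has to be revisited every time a role is added.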
How to fix CVE-2022-1332
To remediate CVE-2022-1332, upgrade the affected package to one of the fixed versions below. The package identifiers for the six entries did not survive on this page; they appear to follow the same order as the entries under Affected packages below. Where an entry spans several minor branches, the version shown is the lowest fixed release: stay on your branch and take its first patched release (5.37.9, 6.2.5, 6.3.5 or 6.4.2).
- upgrade to 5.37.9 or later
- no fix listed
- upgrade to 5.37.9 or later
- upgrade to 5.37.9 or later
- upgrade to 6.4.2 or later
- upgrade to 6.2.5 or later
Is CVE-2022-1332 being exploited?
Low. EPSS is 0.13%, a low predicted probability of exploitation in the wild over the next 30 days. A low EPSS means the model does not expect broad exploitation, not that none has occurred; since this bug needs a valid account in a restricted admin role, the practical question is whether such roles are assigned in your deployment.
Affected packages (6; package names not shown on this page)
- >= 5.37.0, < 5.37.9; >= 6.2.0, < 6.2.5; >= 6.3.0, < 6.3.5; >= 6.4.0, < 6.4.2
- from 0 (all versions; no fixed version listed)
- from 0, < 5.37.9
- from 0, < 5.37.9
- >= 6.4.0, < 6.4.2
- >= 6.0.0, < 6.2.5; >= 6.3.0, < 6.3.5; >= 6.4.0, < 6.4.2
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |