CVE-2022-1384

EPSS 0.33%
Veröffentlicht 19.04.2022 21:15:14
Zuletzt bearbeitet 21.11.2024 06:40:37
Quelle responsibledisclosure@mattermo
CVE-Watchlists
Login
Unerledigt
Login

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Server Version < 6.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.549

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P
responsibledisclosure@mattermost.com	4.7	1.2	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE-477 Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://mattermost.com/security-updates/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1384

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1384

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1384

EUVD