CVE-2022-1384

EPSS 0.33%
Published 19.04.2022 21:15:14
Last modified 21.11.2024 06:40:37
Source responsibledisclosure@mattermo
Teams watchlist Login
Open Login

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Server Version < 6.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.549

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P
responsibledisclosure@mattermost.com	4.7	1.2	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE-477 Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://mattermost.com/security-updates/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1384

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1384

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1384

EUVD