CVE-2022-1384

HIGH 8.8, EPSS 0.33%

Insecure plugin handling in Mattermost

Published: 2022/4/20, Modified: 2024/8/21
Also known as: GHSA-32rp-q37p-jg6w, BIT-mattermost-2022-1384, GO-2022-0576

Description

Mattermost versions 6.4.x and earlier fail to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and authorized user to install and exploit an old plugin version from the Marketplace that might have known vulnerabilities.

Affected packages (5)

CVSS score

Source | Version | Severity | Vector
osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (5)