CVE-2022-1332: Improper Privilege Management

April 14, 2022 (updated April 22, 2022)

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.

References

github.com/advisories/GHSA-qggc-pj29-j27m
mattermost.com/security-updates/
nvd.nist.gov/vuln/detail/CVE-2022-1332

Code Behaviors & Features

Detect and mitigate CVE-2022-1332 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →