Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Guest user can add unauthorized team users to private channels
Vulnerability Description
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.10及之前的10.5.x版本和10.11.2及之前的10.11.x版本存在安全漏洞,该漏洞源于未能正确验证访客用户权限,可能导致访客用户通过/api/v4/channels/{channel_id}/members端点将任意团队成员添加到其私有频道。
CVSS Information
N/A
Vulnerability Type
N/A