CVE-2022-2401
Team members could access sensitive information of other users via an API call
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.
Una divulgación de información sin restricciones de todos los usuarios en Mattermost versiones 6.7.0 y anteriores, permite a miembros del equipo acceder a determinada información confidencial mediante el acceso directo a las API
*Credits:
Thanks to Elias Nahum for contributing to this improvement under the Mattermost responsible disclosure policy.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-14 CVE Reserved
- 2022-07-14 CVE Published
- 2024-02-04 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://mattermost.com/security-updates | 2022-07-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | < 6.3.9 Search vendor "Mattermost" for product "Mattermost Server" and version " < 6.3.9" | - |
Affected
| ||||||
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | >= 6.4.0 < 6.5.2 Search vendor "Mattermost" for product "Mattermost Server" and version " >= 6.4.0 < 6.5.2" | - |
Affected
| ||||||
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | 6.6.0 Search vendor "Mattermost" for product "Mattermost Server" and version "6.6.0" | - |
Affected
| ||||||
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | 6.6.1 Search vendor "Mattermost" for product "Mattermost Server" and version "6.6.1" | - |
Affected
| ||||||
| Mattermost Search vendor "Mattermost" | Mattermost Server Search vendor "Mattermost" for product "Mattermost Server" | 6.7.0 Search vendor "Mattermost" for product "Mattermost Server" and version "6.7.0" | - |
Affected
| ||||||