CVE-2022-1003

Summary

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermostunspecified <= 6.3affected

Weaknesses

  • CWE-268: CWE-268 Privilege Chaining

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References