CVE-2022-1384

Missing Authorization in go/github.com/mattermost/mattermost-server/v6

Identifiers

GHSA-32rp-q37p-jg6w, CVE-2022-1384

Package Slug

go/github.com/mattermost/mattermost-server/v6

Vulnerability

Missing Authorization

Description

Mattermost versions 6.4.x and earlier fail to properly check the plugin version when a plugin is installed from the Marketplace. This allows an authenticated and authorized user to install and exploit an old plugin version from the Marketplace that might have known vulnerabilities.

Affected Versions

All versions starting from 6.4.0 before 6.5.0

Solution

Upgrade to version 6.5.0 or above.

Last Modified

2022-05-01
