An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mattermost_server | Mattermost | * | 4.0.5 (excluding) |
Mattermost_server | Mattermost | 4.1.0 (including) | 4.1.1 (excluding) |
Mattermost_server | Mattermost | 4.2.0-rc1 (including) | 4.2.0-rc1 (including) |
Mattermost_server | Mattermost | 4.2.0-rc2 (including) | 4.2.0-rc2 (including) |
Mattermost_server | Mattermost | 4.2.0-rc3 (including) | 4.2.0-rc3 (including) |
Mattermost_server | Mattermost | 4.2.0-rc4 (including) | 4.2.0-rc4 (including) |