CVE-2022-1003
Sysadmin can override existing configs & bypass restrictions like EnableUploads
One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
Affected products
Mattermost · MattermostWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://mattermost.com/security-updates/