Summary
Five vulnerabilities, including three with a “critical” severity, were discovered in Mattermost, an open-source collaboration platform designed for internal communication in organizations and companies. These vulnerabilities, if exploited, could allow an attacker to access sensitive information and/or gain arbitrary access to files on target devices.
Risk
Vulnerability impact estimate on the reference community (1): High (66.53)
Type
- Arbitrary File Read
- Information Disclosure
Affected products and/or versions
Mattermost
- 10.4.x, version 10.4.1 and earlier
- 9.11.x, version 9.11.7 and earlier
- 10.3.x, version 10.3.2 and earlier
- 10.2.x, version 10.2.2 and earlier
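An added example (not part of the original advisory) for checking an inventory of Mattermost version strings against the affected ranges listed above; the hostnames and versions in the sample are constructed, and it assumes versions are reported in major.minor.patch form. Branches this advisory does not list are reported as out of scope rather than safe.

```python
import re
from typing import Dict, Optional, Tuple

# Affected branches from this advisory, keyed by (major, minor) with the
# highest affected patch level; later patches on the same branch are fixed.
AFFECTED_BRANCHES = {
    (10, 4): 1,   # 10.4.x, 10.4.1 and earlier
    (10, 3): 2,   # 10.3.x, 10.3.2 and earlier
    (10, 2): 2,   # 10.2.x, 10.2.2 and earlier
    (9, 11): 7,   # 9.11.x, 9.11.7 and earlier
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract major.minor.patch from a version string; None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: str) -> str:
    """Classify one version: 'affected', 'fixed' (same branch, above the last
    affected patch), 'not-listed' (branch not covered here; verify separately)
    or 'unparseable'."""
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    major, minor, patch = parsed
    last_affected = AFFECTED_BRANCHES.get((major, minor))
    if last_affected is None:
        return "not-listed"
    return "affected" if patch <= last_affected else "fixed"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {host: version} inventory to its assessment."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    sample = {"mm-prod-01": "10.4.1", "mm-prod-02": "10.4.2",
              "mm-staging": "9.11.7", "mm-legacy": "10.1.3", "mm-odd": "n/a"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```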
Mitigation actions
In line with the vendor's statements, it is recommended to update affected installations to the fixed releases indicated in the security bulletins listed in the References section.
Below are only the CVEs related to the vulnerabilities with a severity of “critical”:
References
https://github.com/advisories/GHSA-5fwx-p6xh-vjrh
https://github.com/advisories/GHSA-v469-7wp6-7cvp
https://github.com/advisories/GHSA-p4jg-qmjv-9x26
(1) This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.