CVE-2022-1384

MEDIUM

Mattermost < 6.5.0 - Authenticated Plugin Version Check Bypass

Title source: llm
STIX 2.1

Description

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://mattermost.com/security-updates/

Scores

CVSS v3 4.7
EPSS 0.0065
EPSS Percentile 46.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-477 CWE-862
Status published
Products (2)
mattermost/mattermost-server 6.4.0 - 6.5.0Go
mattermost/mattermost_server < 6.5.0
Published Apr 19, 2022
Tracked Since Feb 18, 2026