CVE-2022-1548 LOW

CVE-2022-1548: Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.

Vendor Mattermost

Product Mattermost Playbooks

Weakness CWE-264

Published May 3, 2022

Last update December 6, 2024

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.

Key dates

02Disclosure timeline

May 3, 2022 CVE published

December 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1548

Related vulnerabilities

04Related CVE

CVE-2022-36375 WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability CVE-2019-1591 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability CVE-2019-15960 Cisco Webex Network Recording Admin Page Privilege Escalation Vulnerability CVE-2022-38070 WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability CVE-2020-8485 ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300

Identifiers

CVE CVE-2022-1548

CWE CWE-264

CVSS 3.7 / LOW

Affected versions

Vendor Mattermost

Product Mattermost Playbooks

Affected ≥ Playbooks and ≤ 1.25