更新: 413 个文件 - 2026-03-24 03:45:07
@@ -7,19 +7,21 @@
|
||||
"title": "Mattermost fails to validate user's authentication method when processing account auth type switch",
|
||||
"summary": "Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID: MMSA-2026-00583",
|
||||
"published_at": "2026-03-16T15:30:47Z",
|
||||
"updated_at": "2026-03-19T19:31:20.982512Z",
|
||||
"updated_at": "2026-03-23T18:56:23.696710Z",
|
||||
"severity": "low",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "ecosystem-authority",
|
||||
"official_source_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22545",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/advisories/GHSA-rv67-7w2g-7976",
|
||||
"https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218",
|
||||
"https://github.com/mattermost/mattermost",
|
||||
"https://mattermost.com/security-updates"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2026-22545",
|
||||
"GO-2026-4786",
|
||||
"GHSA-rv67-7w2g-7976"
|
||||
],
|
||||
"cve_ids": [
|
||||
@@ -29,21 +31,27 @@
|
||||
"GHSA-rv67-7w2g-7976"
|
||||
],
|
||||
"osv_ids": [
|
||||
"GHSA-rv67-7w2g-7976"
|
||||
"GHSA-rv67-7w2g-7976",
|
||||
"GO-2026-4786"
|
||||
],
|
||||
"affected_versions": [
|
||||
"introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988",
|
||||
"introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988",
|
||||
"introduced=10.11.0-rc1, fixed<10.11.11",
|
||||
"introduced=11.2.0-rc1, fixed<11.2.3",
|
||||
"introduced=11.3.0-rc1, fixed<11.3.1"
|
||||
"introduced=11.3.0-rc1, fixed<11.3.1",
|
||||
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
|
||||
"introduced=0"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"8.0.0-20260127144908-ced9a56e3988",
|
||||
"5.3.2-0.20260127144908-ced9a56e3988",
|
||||
"10.11.11",
|
||||
"11.2.3",
|
||||
"11.3.1"
|
||||
"11.3.1",
|
||||
"10.11.11+incompatible",
|
||||
"11.2.3+incompatible",
|
||||
"11.3.1+incompatible"
|
||||
],
|
||||
"package_name": "github.com/mattermost/mattermost-server",
|
||||
"render_markdown": true,
|
||||
@@ -86,19 +94,25 @@
|
||||
"introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988",
|
||||
"introduced=10.11.0-rc1, fixed<10.11.11",
|
||||
"introduced=11.2.0-rc1, fixed<11.2.3",
|
||||
"introduced=11.3.0-rc1, fixed<11.3.1"
|
||||
"introduced=11.3.0-rc1, fixed<11.3.1",
|
||||
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
|
||||
"introduced=0"
|
||||
],
|
||||
"fixed_version_ranges": [
|
||||
"8.0.0-20260127144908-ced9a56e3988",
|
||||
"5.3.2-0.20260127144908-ced9a56e3988",
|
||||
"10.11.11",
|
||||
"11.2.3",
|
||||
"11.3.1"
|
||||
"11.3.1",
|
||||
"10.11.11+incompatible",
|
||||
"11.2.3+incompatible",
|
||||
"11.3.1+incompatible"
|
||||
],
|
||||
"introduced_version": "introduced=11.3.0-rc1, fixed<11.3.1",
|
||||
"introduced_version": "introduced=0",
|
||||
"patched_version": "8.0.0-20260127144908-ced9a56e3988",
|
||||
"version_evidence_sources": [
|
||||
"https://nvd.nist.gov/vuln/detail/CVE-2026-22545",
|
||||
"https://github.com/advisories/GHSA-rv67-7w2g-7976",
|
||||
"https://github.com/mattermost/mattermost/commit/ced9a56e3988fe9fd4559d45f9971dbd562e2218",
|
||||
"https://github.com/mattermost/mattermost",
|
||||
"https://mattermost.com/security-updates"
|
||||
@@ -108,14 +122,19 @@
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0-fixed-5-3-2-0-20260127144908-ced9a56e3988",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-fixed-10-11-11",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-2-0-rc1-fixed-11-2-3",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1"
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-11-3-0-rc1-fixed-11-3-1",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-10-11-0-rc1-incompatible-fixed-10-11-11-incompatible",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--introduced-0"
|
||||
],
|
||||
"fixed_version_refs": [
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260127144908-ced9a56e3988",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--5-3-2-0-20260127144908-ced9a56e3988",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1"
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--10-11-11-incompatible",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--11-2-3-incompatible",
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--11-3-1-incompatible"
|
||||
],
|
||||
"patched_version_refs": [
|
||||
"mattermost--repo--github-com-mattermost-mattermost-server--8-0-0-20260127144908-ced9a56e3988"
|
||||
@@ -127,29 +146,29 @@
|
||||
"version_resolution_needed": false,
|
||||
"workflow": {
|
||||
"workflow_id": "mattermost--CVE-2026-22545--workflow",
|
||||
"vuln_family": "xss",
|
||||
"entry_surface": "web-ui-render-path",
|
||||
"vuln_family": "unknown",
|
||||
"entry_surface": "repo-surface",
|
||||
"preconditions": [
|
||||
"\u4ec5\u5728 lab-local\u3001lab-public \u6216\u660e\u786e\u6388\u6743\u76ee\u6807\u4e2d\u6267\u884c\u3002",
|
||||
"\u786e\u8ba4\u76ee\u6807\u547d\u4e2d\u7248\u672c\u65ad\u8a00: introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988, introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988, introduced=10.11.0-rc1, fixed<10.11.11",
|
||||
"\u82e5\u5bf9\u8c61\u5c5e\u4e8e `repo`\uff0c\u5148\u786e\u8ba4\u6269\u5c55/\u4ed3\u5e93/\u5305\u5df2\u542f\u7528\u5e76\u5904\u4e8e\u53d7\u5f71\u54cd\u7248\u672c\u3002"
|
||||
],
|
||||
"required_role": "editor-or-admin",
|
||||
"required_role": "unknown",
|
||||
"affected_version_assertion": [
|
||||
"introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988",
|
||||
"introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988",
|
||||
"introduced=10.11.0-rc1, fixed<10.11.11",
|
||||
"introduced=11.2.0-rc1, fixed<11.2.3",
|
||||
"introduced=11.3.0-rc1, fixed<11.3.1"
|
||||
"introduced=11.3.0-rc1, fixed<11.3.1",
|
||||
"introduced=10.11.0-rc1+incompatible, fixed<10.11.11+incompatible",
|
||||
"introduced=0"
|
||||
],
|
||||
"trigger_vector": "\u5bf9 `xss` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
|
||||
"trigger_vector": "\u5bf9 `unknown` \u5bb6\u65cf\u5165\u53e3\u6295\u9012\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\uff0c\u6bd4\u8f83\u4fee\u590d\u524d\u540e\u5dee\u5f02\u3002",
|
||||
"request_or_ui_path": [
|
||||
"/admin/editor",
|
||||
"/preview",
|
||||
"/rendered-content"
|
||||
"/repo"
|
||||
],
|
||||
"input_shape": "\u53d7\u63a7 HTML/Markdown/\u5bcc\u6587\u672c\u8f93\u5165\uff0c\u89c2\u5bdf\u6e32\u67d3\u4e0a\u4e0b\u6587\u662f\u5426\u5931\u53bb\u7f16\u7801\u6216\u51c0\u5316\u3002",
|
||||
"expected_unsafe_behavior": "\u8f93\u5165\u5728\u76ee\u6807\u4e0a\u4e0b\u6587\u6267\u884c\u6216\u88ab\u6d4f\u89c8\u5668\u89e3\u91ca\u4e3a\u4e3b\u52a8\u5185\u5bb9\u3002",
|
||||
"input_shape": "\u63d0\u4ea4\u6700\u5c0f\u5316\u3001\u53ef\u5ba1\u8ba1\u3001\u53ef\u56de\u6eda\u7684\u53d7\u63a7\u8f93\u5165\u3002",
|
||||
"expected_unsafe_behavior": "\u76ee\u6807\u8868\u73b0\u51fa\u8d85\u51fa\u8bbe\u8ba1\u8fb9\u754c\u7684\u884c\u4e3a\u3002",
|
||||
"server_evidence_points": [
|
||||
"\u5e94\u7528\u65e5\u5fd7\u4e2d\u7684\u547d\u4e2d\u8def\u5f84\u3001\u9274\u6743\u51b3\u7b56\u548c\u5f02\u5e38\u6808",
|
||||
"\u53cd\u5411\u4ee3\u7406\u6216\u8fb9\u754c\u5c42\u65e5\u5fd7\u4e2d\u7684\u8bf7\u6c42\u5934\u3001\u6765\u6e90 IP \u4e0e\u8def\u7531\u51b3\u7b56"
|
||||
@@ -171,7 +190,7 @@
|
||||
"\u786e\u8ba4\u76ee\u6807\u7248\u672c\u4ece `introduced=0, fixed<8.0.0-20260127144908-ced9a56e3988, introduced=0, fixed<5.3.2-0.20260127144908-ced9a56e3988, introduced=10.11.0-rc1, fixed<10.11.11` \u5347\u7ea7\u6216\u56de\u79fb\u5230 `8.0.0-20260127144908-ced9a56e3988`\u3002",
|
||||
"\u4fdd\u7559\u540c\u4e00\u7ec4\u53d7\u63a7\u8f93\u5165\uff0c\u5728\u4fee\u590d\u524d\u540e\u5206\u522b\u6267\u884c\u5e76\u6bd4\u5bf9\u54cd\u5e94\u3001\u65e5\u5fd7\u4e0e\u6d4f\u89c8\u5668\u8bc1\u636e\u3002",
|
||||
"\u786e\u8ba4\u4fee\u590d\u540e\u4ec5\u4fdd\u7559\u9884\u671f\u4e1a\u52a1\u884c\u4e3a\uff0c\u4e0d\u518d\u89e6\u53d1\u8d8a\u6743\u3001\u56de\u663e\u3001\u5f02\u5e38\u6e32\u67d3\u6216\u9519\u8bef\u8bf7\u6c42\u3002",
|
||||
"\u8865\u5145 `xss` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
|
||||
"\u8865\u5145 `unknown` \u65cf\u81ea\u52a8\u5316\u56de\u5f52\uff0c\u907f\u514d\u540c\u7c7b\u8def\u5f84\u5728\u63d2\u4ef6\u3001\u4e3b\u9898\u6216\u4ee3\u7406\u94fe\u4e2d\u56de\u5f52\u3002"
|
||||
],
|
||||
"lab_safety_notes": [
|
||||
"\u53ea\u4f7f\u7528\u56de\u73af\u5730\u5740\u3001\u54e8\u5175\u76ee\u6807\u3001\u65e0\u5bb3\u6837\u672c\u6216\u53ef\u56de\u6eda\u6d4b\u8bd5\u6570\u636e\u3002",
|
||||
@@ -202,7 +221,7 @@
|
||||
"source_kinds": [
|
||||
"osv-batch"
|
||||
],
|
||||
"candidate_count": 1,
|
||||
"candidate_count": 2,
|
||||
"entity_ref_count": 2,
|
||||
"advisory_scope": "repo",
|
||||
"version_confidence": "high",
|
||||
|
||||