Vulnerabilities for 'Mattermost server'

2020-06-19
 
CVE-2017-18921 (CWE-79)
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.

CVE-2017-18920 (NVD-CWE-Other)
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.

CVE-2017-18919 (CWE-287)
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.

CVE-2017-18918 (CWE-295)
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.

CVE-2017-18917 (CWE-916)
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

CVE-2017-18916 (CWE-732)
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.

CVE-2017-18915 (CWE-276)
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.

CVE-2017-18914 (CWE-754)
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.

CVE-2017-18913 (CWE-79)
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.

CVE-2017-18908 (CWE-287)
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.

 


Copyright 2020, cxsecurity.com
