RSS   Podatności dla 'Mattermost'   RSS

2022-02-21
 
CVE-2022-0708

CWE-200
 

 
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.

 
2022-01-18
 
CVE-2021-37864

CWE-863
 

 
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.

 
 
CVE-2021-37865

CWE-400
 

 
Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

 
2021-12-09
 
CVE-2021-37861

CWE-532
 

 
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.

 
2021-08-05
 
CVE-2021-37859

CWE-79
 

 
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.

 
2020-06-26
 
CVE-2020-13891

CWE-200
 

 
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.

 

 >>> Vendor: Mattermost 6 Produkty
Server
Mattermost
Mattermost server
Mattermost desktop
Mattermost boards
Playbooks


Copyright 2024, cxsecurity.com

 

Back to Top