Page 10 of 176 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite el acceso no deseado a una información almacenada por un navegador web • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Ofrece unas API superfluas para que un administrador del equipo visualice los detalles de la cuenta • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite un ataque de tipo XSS por medio de una URL de redireccionamiento • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite potencialmente a atacantes obtener información confidencial (campos de credenciales dentro de config.json) por medio de la Interfaz de Usuario de la consola del sistema • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Presenta una API superflua en la que el administrador del sistema puede cambiar el nombre de la cuenta y la dirección de correo electrónico de una cuenta LDAP • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •