Page 11 of 71 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. • https://mattermost.com/security-updates • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner. • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •