CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11076
https://notcve.org/view.php?id=CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. No garantiza que una cookie sea usada sobre SSL • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11075
https://notcve.org/view.php?id=CVE-2016-11075
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite a atacantes obtener información confidencial sobre las URL del equipo por medio de una API • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11074
https://notcve.org/view.php?id=CVE-2016-11074
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Un enlace de restablecimiento de contraseña podría ser reutilizado • https://mattermost.com/security-updates • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11073
https://notcve.org/view.php?id=CVE-2016-11073
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite un ataque de tipo XSS por medio de una configuración Legal o Support • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11072
https://notcve.org/view.php?id=CVE-2016-11072
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.2. Los propósitos de un ID de sesión y un Token de Sesión fueron manejados inapropiadamente • https://mattermost.com/security-updates • CWE-287: Improper Authentication •