Page 14 of 98 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message • https://mattermost.com/security-updates • CWE-862: Missing Authorization •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel. • https://mattermost.com/security-updates • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •