Page 14 of 199 results (0.011 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Presenta una API superflua en la que el administrador del sistema puede cambiar el nombre de la cuenta y la dirección de correo electrónico de una cuenta LDAP • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. No garantiza que una cookie sea usada sobre SSL • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite a atacantes obtener información confidencial sobre las URL del equipo por medio de una API • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Un enlace de restablecimiento de contraseña podría ser reutilizado • https://mattermost.com/security-updates • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite un ataque de tipo XSS por medio de una configuración Legal o Support • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •