Page 27 of 362 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message • https://mattermost.com/security-updates • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •