CVE-2018-21263
https://notcve.org/view.php?id=CVE-2018-21263
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. Se detectó un problema en Mattermost Server versiones anteriores a 4.7.0, 4.6.2 y 4.5.2. Un atacante podría autenticarse en una cuenta de usuario diferente por medio de una respuesta SAML diseñada • https://mattermost.com/security-updates • CWE-287: Improper Authentication •
CVE-2018-21258
https://notcve.org/view.php?id=CVE-2018-21258
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. Se detectó un problema en Mattermost Server versiones anteriores a 5.1. Permite a atacantes causar una denegación de servicio por medio del comando de barra diagonal invite_people • https://mattermost.com/security-updates • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2018-21253
https://notcve.org/view.php?id=CVE-2018-21253
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. Se detectó un problema en Mattermost Server versiones anteriores a 5.1, 5.0.2 y 4.10.2. Un atacante podría usar el comando barra diagonal invite_people para invitar a un usuario no permitido • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-20890
https://notcve.org/view.php?id=CVE-2019-20890
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. Se detectó un problema en Mattermost Server versiones anteriores a 5.7. Permite omitir unas restricciones de detección de direcciones de correo electrónico • https://mattermost.com/security-updates •
CVE-2019-20884
https://notcve.org/view.php?id=CVE-2019-20884
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. Se detectó un problema en Mattermost Server versiones anteriores a 5.8.0. Permite a atacantes adjuntar parcialmente un archivo a más de una publicación • https://mattermost.com/security-updates •