CVE-2016-11079
https://notcve.org/view.php?id=CVE-2016-11079
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite un ataque de tipo XSS por medio de una URL de redireccionamiento • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-11078
https://notcve.org/view.php?id=CVE-2016-11078
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite potencialmente a atacantes obtener información confidencial (campos de credenciales dentro de config.json) por medio de la Interfaz de Usuario de la consola del sistema • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-11077
https://notcve.org/view.php?id=CVE-2016-11077
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Presenta una API superflua en la que el administrador del sistema puede cambiar el nombre de la cuenta y la dirección de correo electrónico de una cuenta LDAP • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2016-11076
https://notcve.org/view.php?id=CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. No garantiza que una cookie sea usada sobre SSL • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation •
CVE-2016-11075
https://notcve.org/view.php?id=CVE-2016-11075
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite a atacantes obtener información confidencial sobre las URL del equipo por medio de una API • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •