Page 5 of 44 results (0.016 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable. Mattermost no aplica un límite para el tamaño de la entrada de caché para los datos de OpenGraph, lo que permite a un atacante enviar una solicitud especialmente manipulada al /api/v4/opengraph, llenando el caché y haciendo que el servidor no esté disponible. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. Mattermost no restringe los valores de los parámetros que toma de la solicitud durante el registro, lo que permite a un atacante registrar a los usuarios como inactivos, bloqueándoles así el acceso posterior a Mattermost sin que el administrador del sistema active sus cuentas. • https://mattermost.com/security-updates • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •