NotCVE - vendor:"Mattermost" product:"Mattermost" version:"

Page 6 of 58 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-37864 – Users can view the contents of an archived channel when access is explicitly denied by the system admin

https://notcve.org/view.php?id=CVE-2021-37864

18 Jan 2022 — Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs. Mattermost versiones 6.1 y anteriores no comprueban suficientemente los permisos mientras son visualizados los canales archivados, lo que permite a usuarios autenticados visualizar el contenido de los canales archivados incluso cuando los administradores d... • https://mattermost.com/security-updates • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-37865 – Server-side Denial of Service while processing a specifically crafted GIF file

https://notcve.org/view.php?id=CVE-2021-37865

18 Jan 2022 — Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. Mattermost versiones 6.2 y anteriores no procesan suficientemente un archivo GIF específicamente diseñado cuando es cargado mientras es redactada una publicación, lo que permite a usuarios autenticados causar el agotamiento de los recursos mientra... • https://hackerone.com/reports/1428260 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-37861

https://notcve.org/view.php?id=CVE-2021-37861

09 Dec 2021 — Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. Mattermost versiones 6.0.2 y anteriores, no sanean suficientemente la contraseña del usuario en los registros de auditoría cuando falla la creación del usuario • https://mattermost.com/security-updates • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-37860

https://notcve.org/view.php?id=CVE-2021-37860

22 Sep 2021 — Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. Mattermost versiones 5.38 y anteriores, no sanean suficientemente el contenido del portapapeles, lo que permite a un atacante con ayuda del usuario inyectar un script web arbitrario en las implementaciones del producto que deshabilitan explícitamente el CSP predeterminado • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 44%CPEs: 3EXPL: 0

CVE-2021-37859 – Reflected XSS in OAuth Flow

https://notcve.org/view.php?id=CVE-2021-37859

05 Aug 2021 — Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. Se ha corregido una omisión para una vulnerabilidad de tipo cross-site scripting reflejado que afectaba a las instancias de Mattermost habilitadas para OAuth • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-13891

https://notcve.org/view.php?id=CVE-2020-13891

26 Jun 2020 — An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. Se detectó un problema en Mattermost Mobile Apps versiones anteriores a 1.31.2 en iOS. Los servidores de terceros no deseados a veces pueden obtener tokens de autorización, también se conoce como MMSA-2020-0022 • https://mattermost.com/security-updates •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-20851

https://notcve.org/view.php?id=CVE-2019-20851

19 Jun 2020 — An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. Se detectó un problema en Mattermost Mobile Apps versiones anteriores a 1.26.0. Un atacante puede usar un salto de directorio con la funcionalidad Video Preview para sobrescribir archivos arbitrarios en un dispositivo • https://mattermost.com/security-updates • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-1003026

https://notcve.org/view.php?id=CVE-2019-1003026

20 Feb 2019 — A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. Existe una vulnerabilidad Server-Side Request Forgery (SSRF) en Jenkins Mattermost Notification Plugin, en versiones 2.6.2 y anteriores, en MattermostNotifier.java, que permite que los atacantes con permisos Overall/Read hagan ... • http://www.securityfocus.com/bid/107295 • CWE-918: Server-Side Request Forgery (SSRF) •

1...4 5 6