CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11078
https://notcve.org/view.php?id=CVE-2016-11078
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite potencialmente a atacantes obtener información confidencial (campos de credenciales dentro de config.json) por medio de la Interfaz de Usuario de la consola del sistema • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11077
https://notcve.org/view.php?id=CVE-2016-11077
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Presenta una API superflua en la que el administrador del sistema puede cambiar el nombre de la cuenta y la dirección de correo electrónico de una cuenta LDAP • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11076
https://notcve.org/view.php?id=CVE-2016-11076
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. No garantiza que una cookie sea usada sobre SSL • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11075
https://notcve.org/view.php?id=CVE-2016-11075
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite a atacantes obtener información confidencial sobre las URL del equipo por medio de una API • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11074
https://notcve.org/view.php?id=CVE-2016-11074
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Un enlace de restablecimiento de contraseña podría ser reutilizado • https://mattermost.com/security-updates • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11073
https://notcve.org/view.php?id=CVE-2016-11073
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite un ataque de tipo XSS por medio de una configuración Legal o Support • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11072
https://notcve.org/view.php?id=CVE-2016-11072
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.2. Los propósitos de un ID de sesión y un Token de Sesión fueron manejados inapropiadamente • https://mattermost.com/security-updates • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11071
https://notcve.org/view.php?id=CVE-2016-11071
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. Se detectó un problema en Mattermost Server versiones anteriores a 3.1.0. Permite un ataque de tipo XSS porque los mecanismos de protección noreferrer y noopener no estaban en su lugar • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11070
https://notcve.org/view.php?id=CVE-2016-11070
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. Se detectó un problema en Mattermost Server versiones anteriores a 3.1.0. Permite un ataque de tipo XSS por medio de valores de código de color del tema • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11069
https://notcve.org/view.php?id=CVE-2016-11069
19 Jun 2020 — An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. Se detectó un problema en Mattermost Server versiones anteriores a 3.2.0. Maneja inapropiadamente los intentos de fuerza bruta en el cambio de contraseña • https://mattermost.com/security-updates • CWE-521: Weak Password Requirements •