Page 6 of 37 results (0.005 seconds)

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. • https://mattermost.com/security-updates • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization •

CVSS: 2.7EPSS: 0%CPEs: 2EXPL: 0

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible. • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •