CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

Mattermost fails to sanitize post metadata during audit logging, resulting in permalink contents being logged. • https://mattermost.com/security-updates • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 6.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

Mattermost fails to properly validate the requesting user's permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. • https://mattermost.com/security-updates • CWE-863: Incorrect Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

Mattermost fails to check if the requesting user is a guest before performing different actions on public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. • https://mattermost.com/security-updates • CWE-862: Missing Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still access and download the attachment of a deleted message. • https://mattermost.com/security-updates • CWE-862: Missing Authorization

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection, allowing a network attacker to intercept the WebSockets connection. • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation