Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.Read More ...
Continue Reading17 июля, 2023
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by� ...
Continue Reading17 июля, 2023
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.Read More ...
Continue Reading17 июля, 2023
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.Read More ...
Continue Reading17 июля, 2023
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, Read Mor ...
Continue Reading17 июля, 2023
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.Read More ...
Continue Reading17 июля, 2023
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a ` ...
Continue Reading17 июля, 2023
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) ...
Continue Reading17 июля, 2023
Back to Main