CVE-2024-23898

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross- ...

Continue Reading
BIT-mattermost-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket...Read More ...

Continue Reading
BIT-mattermost-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket...Read More ...

Continue Reading
BIT-mattermost-2023-2281

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data ...

Continue Reading
BIT-mattermost-2023-2281

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data ...

Continue Reading
BIT-mattermost-2023-1775

When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information ...

Continue Reading
BIT-mattermost-2023-1775

When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information ...

Continue Reading
BIT-mattermost-2020-14457

An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka...Read More ...

Continue Reading

Back to Main

Subscribe for the latest news: