Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket...Read More ...
Continue Reading
February 01, 2024
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data ...
Continue Reading
February 01, 2024
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data ...
Continue Reading
February 01, 2024
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information ...
Continue Reading
February 01, 2024
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information ...
Continue Reading
February 01, 2024
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka...Read More ...
Continue Reading
February 01, 2024
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka...Read More ...
Continue Reading
February 01, 2024
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...
Continue Reading
February 01, 2024
Back to Main
