Описание
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mattermost-server | itp | package |
EPSS
Процентиль: 31%
0.00119
Низкий
Связанные уязвимости
CVSS3: 4.6
nvd
больше 1 года назад
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks
CVSS3: 4.6
github
больше 1 года назад
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
EPSS
Процентиль: 31%
0.00119
Низкий