Опубликовано: 01 авг. 2024
Источник: github
Github: Прошло ревью
CVSS4: 5.1
CVSS3: 2.7
Описание
Mattermost failed to properly validate synced reactions
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
Пакеты
Наименование
github.com/mattermost/mattermost/server/v8
go
Затронутые версииВерсия исправления
>= 9.5.0, < 9.5.7
9.5.7
Наименование
github.com/mattermost/mattermost/server/v8
go
Затронутые версииВерсия исправления
= 9.9.0
9.9.1
Связанные уязвимости
CVSS3: 2.7
nvd
11 месяцев назад
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts
CVSS3: 2.7
debian
11 месяцев назад
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly va ...