Description
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.
References
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 6.0
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
EPSS
Percentile: 38%
0.00168
Low
CVSS3: 3.7 Low
CVSS3: 5.4 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-754
Related vulnerabilities
CVSS3: 3.7
debian
about 4 years ago
Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...
github
about 4 years ago
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.