Описание
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.17.0 (исключая)
cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00334
Низкий
2.6 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-909
CWE-909
Связанные уязвимости
CVSS3: 2.6
github
больше 1 года назад
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.
EPSS
Процентиль: 56%
0.00334
Низкий
2.6 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-909
CWE-909