Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 232
BDU:2024-11496
Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием процедуры авторизации, позволяющая нарушителю удалить произвольное сообщение
GHSA-hm57-h27x-599c
Mattermost incorrectly issues two sessions when using desktop SSO
CVE-2024-10214
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.
CVE-2024-10214
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues ...
GHSA-c6vp-jjgv-38wj
Mattermost allows remote/synthetic users to create sessions, reset passwords
GHSA-p433-57hw-rf68
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.
GHSA-hrf9-rm95-fpf3
Mattermost Cross-Site Request Forgery vulnerability
GHSA-4ww8-fprq-cq34
Mattermost doesn't redact remote users' original email addresses
GHSA-5263-pm2h-m7hw
Mattermost doesn't restrict which roles can promote a user as system admin
GHSA-59w3-f5g7-27hp
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2024-11496 Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием процедуры авторизации, позволяющая нарушителю удалить произвольное сообщение | CVSS3: 4.3 | 0% Низкий | 8 месяцев назад |
| GHSA-hm57-h27x-599c Mattermost incorrectly issues two sessions when using desktop SSO | CVSS3: 3.5 | 0% Низкий | 8 месяцев назад |
 | CVE-2024-10214 Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings. | CVSS3: 3.5 | 0% Низкий | 8 месяцев назад |
| CVE-2024-10214 Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues ... | CVSS3: 3.5 | 0% Низкий | 8 месяцев назад |
| GHSA-c6vp-jjgv-38wj Mattermost allows remote/synthetic users to create sessions, reset passwords | CVSS3: 4.8 | 0% Низкий | 10 месяцев назад |
| GHSA-p433-57hw-rf68 Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user. | CVSS3: 4.3 | 0% Низкий | 10 месяцев назад |
| GHSA-hrf9-rm95-fpf3 Mattermost Cross-Site Request Forgery vulnerability | CVSS3: 4.6 | 0% Низкий | 10 месяцев назад |
| GHSA-4ww8-fprq-cq34 Mattermost doesn't redact remote users' original email addresses | CVSS3: 4.3 | 0% Низкий | 10 месяцев назад |
| GHSA-5263-pm2h-m7hw Mattermost doesn't restrict which roles can promote a user as system admin | CVSS3: 4.7 | 0% Низкий | 10 месяцев назад |
| GHSA-59w3-f5g7-27hp Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash. | CVSS3: 4.9 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу