Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 232
GHSA-h8wh-f7gw-fwpr
Mattermost Incorrect Authorization vulnerability
CVE-2023-5196
Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.
CVE-2023-5196
Mattermost fails to enforce character limits in all possible notificat ...
CVE-2023-5195
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
CVE-2023-5195
Mattermost fails to properly validate the permissions when soft deleti ...
CVE-2023-5194
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager
CVE-2023-5194
Mattermost fails to properly validate permissions when demoting and de ...
CVE-2023-5193
Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.
CVE-2023-5193
Mattermost fails to properly check permissions when retrieving a post ...
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-h8wh-f7gw-fwpr Mattermost Incorrect Authorization vulnerability | CVSS3: 2.7 | 0% Низкий | больше 1 года назад |
 | CVE-2023-5196 Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users. | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2023-5196 Mattermost fails to enforce character limits in all possible notificat ... | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2023-5195 Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2023-5195 Mattermost fails to properly validate the permissions when soft deleti ... | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| CVE-2023-5194 Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager | CVSS3: 2.7 | 0% Низкий | больше 1 года назад |
| CVE-2023-5194 Mattermost fails to properly validate permissions when demoting and de ... | CVSS3: 2.7 | 0% Низкий | больше 1 года назад |
| CVE-2023-5193 Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. | CVSS3: 4.9 | 0% Низкий | больше 1 года назад |
| CVE-2023-5193 Mattermost fails to properly check permissions when retrieving a post ... | CVSS3: 4.9 | 0% Низкий | больше 1 года назад |
| CVE-2023-5159 Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | CVSS3: 3.8 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу