Mattermost is a secure collaboration platform that brings your teams, tools and processes together to accelerate mission-critical work.
Release cycle and vulnerability information
Release schedule
Count: 264
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible, though.
CVE-2023-47865
Mattermost fails to check whether Hardened Mode is enabled when overriding the username and/or the icon of a post. If the settings allowed integrations to override the username and profile picture when posting, an ordinary member could also override the username and icon of their own posts even with the Hardened Mode setting enabled.
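The gap described for CVE-2023-47865 is a missing authorization check, not a parsing bug: the server consulted the two "allow override" toggles but never asked whether Hardened Mode restricts that privilege to integrations. The following Go snippet is an added example written for this page, not Mattermost's own code; the Settings, Poster and Post types and the field names (HardenedMode, IsIntegration, the two Enable* flags) are assumptions that stand in for the real configuration. It places the pre-fix logic next to the corrected one so the difference is a single guard.

```go
package main

import "fmt"

// Settings is a cut-down stand-in for the server configuration. The field
// names are assumptions for this example; they mirror the behaviour the
// advisory describes (two override toggles plus a Hardened Mode switch).
type Settings struct {
	EnablePostUsernameOverride bool
	EnablePostIconOverride     bool
	HardenedMode               bool
}

// Poster identifies who is creating the post. IsIntegration is true for
// webhooks, slash commands and bots, false for an ordinary member.
type Poster struct {
	UserID        string
	IsIntegration bool
}

// Post carries the display fields an override may change and the raw props
// sent by the client ("override_username", "override_icon_url").
type Post struct {
	Username string
	IconURL  string
	Props    map[string]string
}

// copyOverrides applies whichever overrides the two toggles permit. It is the
// shared tail of both variants below and deliberately knows nothing about
// Hardened Mode or about who is posting. It returns the props it honoured.
func copyOverrides(s Settings, post *Post) []string {
	applied := []string{}
	if s.EnablePostUsernameOverride {
		if v := post.Props["override_username"]; v != "" {
			post.Username = v
			applied = append(applied, "override_username")
		}
	}
	if s.EnablePostIconOverride {
		if v := post.Props["override_icon_url"]; v != "" {
			post.IconURL = v
			applied = append(applied, "override_icon_url")
		}
	}
	return applied
}

// vulnerableApplyOverrides reproduces the pre-fix logic: only the two
// Enable* toggles are consulted, so a member can spoof username and icon
// even when Hardened Mode is on. The poster is accepted but never examined.
func vulnerableApplyOverrides(s Settings, p Poster, post *Post) []string {
	return copyOverrides(s, post)
}

// applyOverrides is the corrected logic: when Hardened Mode is enabled, only
// integrations keep the override privilege; a plain member's props are ignored.
func applyOverrides(s Settings, p Poster, post *Post) []string {
	if s.HardenedMode && !p.IsIntegration {
		return []string{}
	}
	return copyOverrides(s, post)
}

func main() {
	s := Settings{EnablePostUsernameOverride: true, EnablePostIconOverride: true, HardenedMode: true}
	member := Poster{UserID: "u-member"}
	hook := Poster{UserID: "u-webhook", IsIntegration: true}
	// Constructed props a client might send to impersonate another sender.
	props := map[string]string{"override_username": "security-team", "override_icon_url": "https://example.invalid/ci.png"}

	p1 := &Post{Username: "alice", Props: props}
	fmt.Println("vulnerable, member:", vulnerableApplyOverrides(s, member, p1), p1.Username)
	p2 := &Post{Username: "alice", Props: props}
	fmt.Println("fixed, member:     ", applyOverrides(s, member, p2), p2.Username)
	p3 := &Post{Username: "webhook", Props: props}
	fmt.Println("fixed, integration:", applyOverrides(s, hook, p3), p3.Username)
}
```

The guard is placed before the toggles are read, so it cannot be bypassed by sending only one of the two props; with Hardened Mode off, the toggles alone decide, which matches the documented pre-existing behaviour.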
GHSA-xvq6-h898-wcj8
Mattermost denial of service vulnerability
GHSA-r67m-mf7v-qp7j
Mattermost password hash disclosure vulnerability
GHSA-w496-f5qq-m58j
Mattermost vulnerable to excessive memory consumption
CVE-2023-5969
Mattermost fails to properly sanitize requests to /api/v4/redirect_location, allowing an attacker who sends a specially crafted request to that endpoint to fill up memory because large items are cached.
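CVE-2023-5969 is a resource-exhaustion bug in a cache: unbounded input reached a cache that had no per-item or total size limit, so a client could grow the process's memory with requests alone. The Go code below is an added example for this page, not Mattermost's cache or handler; the limits (maxURLLen, maxItemBytes, maxTotalBytes), the BoundedCache type and the resolve callback are assumptions chosen to make the two defences visible: refuse oversized items before they are stored, and evict least-recently-used entries so the total stays under a fixed budget.

```go
package main

import (
	"container/list"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// Limits are assumptions for this example, not Mattermost's real values.
const (
	maxURLLen     = 2048      // longest request URL the endpoint will look at
	maxItemBytes  = 4096      // largest key+value pair the cache will store
	maxTotalBytes = 64 * 1024 // total memory budget for cached entries
)

var ErrURLTooLong = errors.New("url exceeds maximum length")

type entry struct{ key, value string }

// BoundedCache is a small LRU keyed by request URL. Two limits keep an
// attacker from filling memory: oversized items are refused outright and
// the sum of stored bytes never exceeds maxTotal (old entries are evicted).
type BoundedCache struct {
	mu       sync.Mutex
	maxItem  int
	maxTotal int
	total    int
	order    *list.List // front = most recently used
	items    map[string]*list.Element
}

func NewBoundedCache(maxItem, maxTotal int) *BoundedCache {
	return &BoundedCache{maxItem: maxItem, maxTotal: maxTotal, order: list.New(), items: map[string]*list.Element{}}
}

// remove drops one element and its bytes; caller holds the lock.
func (c *BoundedCache) remove(el *list.Element) {
	e := el.Value.(*entry)
	c.total -= len(e.key) + len(e.value)
	c.order.Remove(el)
	delete(c.items, e.key)
}

// Put stores value under key. It returns false without storing when the
// item alone would exceed the per-item limit; otherwise it evicts from the
// LRU tail until the item fits in the total budget.
func (c *BoundedCache) Put(key, value string) bool {
	size := len(key) + len(value)
	if size > c.maxItem {
		return false
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if el, ok := c.items[key]; ok {
		c.remove(el)
	}
	for c.total+size > c.maxTotal && c.order.Len() > 0 {
		c.remove(c.order.Back())
	}
	c.items[key] = c.order.PushFront(&entry{key, value})
	c.total += size
	return true
}

// Get returns the cached value and marks the entry as recently used.
func (c *BoundedCache) Get(key string) (string, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	el, ok := c.items[key]
	if !ok {
		return "", false
	}
	c.order.MoveToFront(el)
	return el.Value.(*entry).value, true
}

func (c *BoundedCache) Len() int   { c.mu.Lock(); defer c.mu.Unlock(); return c.order.Len() }
func (c *BoundedCache) Bytes() int { c.mu.Lock(); defer c.mu.Unlock(); return c.total }

// redirectLocation models the endpoint: check the request size before doing
// any work, then serve from cache or resolve and cache. resolve stands in for
// the outbound request the real endpoint would make to find the redirect.
func redirectLocation(c *BoundedCache, rawURL string, resolve func(string) string) (string, error) {
	if len(rawURL) > maxURLLen {
		return "", ErrURLTooLong
	}
	if loc, ok := c.Get(rawURL); ok {
		return loc, nil
	}
	loc := resolve(rawURL)
	c.Put(rawURL, loc) // a refused (oversized) item is still returned, just not cached
	return loc, nil
}

func main() {
	cache := NewBoundedCache(maxItemBytes, maxTotalBytes)
	resolve := func(u string) string { return "https://example.invalid/final?from=" + u } // constructed resolver
	for i := 0; i < 5000; i++ { // many distinct URLs: memory stays within budget
		redirectLocation(cache, fmt.Sprintf("https://short.invalid/%d", i), resolve)
	}
	fmt.Println("entries:", cache.Len(), "bytes:", cache.Bytes(), "budget:", maxTotalBytes)
	_, err := redirectLocation(cache, strings.Repeat("x", maxURLLen+1), resolve)
	fmt.Println("oversized request:", err)
}
```

Rejecting the oversized request before resolving matters as much as the cache limit: a size check that runs only at Put time still lets the attacker make the server do the outbound lookup, so the length test is the first line of the handler.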
CVE-2023-5968
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
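CVE-2023-5968 is a classic over-serialisation: the handler updated the stored user record and then encoded that same record into the response, so the password hash went out with it. The Go snippet below is an added example for this page, not Mattermost's user model or handler; the User struct, its Sanitize method and the in-memory store are assumptions. It shows the faulty handler beside the corrected one and the check a regression test would run over the response body.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// User is a cut-down stand-in for the stored user record; the real model
// has many more fields. Password holds the stored password hash, never the
// clear text, and must still never appear in an API response.
type User struct {
	ID       string `json:"id"`
	Username string `json:"username"`
	Email    string `json:"email"`
	Password string `json:"password,omitempty"`
}

// Sanitize returns a copy with the fields that must never leave the server
// blanked. Because Password carries omitempty, the key disappears from JSON.
// The value receiver means the stored record is left untouched.
func (u User) Sanitize() User {
	u.Password = ""
	return u
}

// updateUsernameVulnerable reproduces the faulty handler: the stored record
// is updated and then serialised as-is, so the hash rides along in the body.
func updateUsernameVulnerable(store map[string]*User, id, name string) ([]byte, error) {
	u, ok := store[id]
	if !ok {
		return nil, errors.New("user not found")
	}
	u.Username = name
	return json.Marshal(u)
}

// updateUsername is the corrected handler: sanitise before serialising.
func updateUsername(store map[string]*User, id, name string) ([]byte, error) {
	u, ok := store[id]
	if !ok {
		return nil, errors.New("user not found")
	}
	u.Username = name
	return json.Marshal(u.Sanitize())
}

// bodyExposesPassword is the check a regression test would run over the
// response: decode generically (no struct, so nothing is silently dropped)
// and look for a non-empty "password" key.
func bodyExposesPassword(body []byte) bool {
	var m map[string]interface{}
	if err := json.Unmarshal(body, &m); err != nil {
		return false
	}
	v, ok := m["password"]
	return ok && v != ""
}

func main() {
	// Constructed record; the hash is a placeholder, not a real bcrypt digest.
	store := map[string]*User{"u1": {ID: "u1", Username: "alice", Email: "alice@example.invalid",
		Password: "$2a$10$constructedhashforexampleonly"}}
	bad, _ := updateUsernameVulnerable(store, "u1", "alice2")
	good, _ := updateUsername(store, "u1", "alice3")
	fmt.Printf("vulnerable leaks hash: %v\n%s\n", bodyExposesPassword(bad), bad)
	fmt.Printf("fixed leaks hash:      %v\n%s\n", bodyExposesPassword(good), good)
}
```

A stronger shape than blanking fields is a dedicated response type that has no Password field at all, so the omission cannot be forgotten on the next handler; the generic decode in bodyExposesPassword is the useful test either way, because it notices the leaked key regardless of which struct the server thinks it is returning.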
| Vulnerability | Description | CVSS 3 | EPSS | Published |
|---|---|---|---|---|
| CVE-2023-35075 | Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible, though. | 3.1 | 1% (Low) | about 2 years ago |
| CVE-2023-47865 | Mattermost fails to check whether Hardened Mode is enabled when overriding the username and/or the icon of a post. If the settings allowed integrations to override the username and profile picture when posting, an ordinary member could also override the username and icon of their own posts even with the Hardened Mode setting enabled. | 4.3 | 0% (Low) | about 2 years ago |
| GHSA-xvq6-h898-wcj8 | Mattermost denial of service vulnerability | 4.3 | 0% (Low) | about 2 years ago |
| GHSA-r67m-mf7v-qp7j | Mattermost password hash disclosure vulnerability | 4.9 | 0% (Low) | about 2 years ago |
| GHSA-w496-f5qq-m58j | Mattermost vulnerable to excessive memory consumption | 5.3 | 0% (Low) | about 2 years ago |
| CVE-2023-5969 | Mattermost fails to properly sanitize requests to /api/v4/redirect_location, allowing an attacker who sends a specially crafted request to that endpoint to fill up memory because large items are cached. | 5.3 | 0% (Low) | about 2 years ago |
| CVE-2023-5968 | Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | 4.9 | 0% (Low) | about 2 years ago |