Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 239
GHSA-4x9v-95w9-xp83
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.
GHSA-455c-vqrf-mghr
Mattermost Server Missing Authorization vulnerability
GHSA-m9m2-f9hg-rh66
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
GHSA-8m2w-p6c5-hh6c
Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.
CVE-2023-2791
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
CVE-2023-2791
When creating a playbook run via the /dialog API, Mattermost fails to ...
CVE-2023-2788
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.
CVE-2023-2788
Mattermost fails to check if an admin user account active after an oau ...
CVE-2023-2787
Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.
CVE-2023-2787
Mattermost fails to check channel membership when accessing message th ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-4x9v-95w9-xp83 Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated. | CVSS3: 6.2 | 0% Низкий | около 2 лет назад |
| GHSA-455c-vqrf-mghr Mattermost Server Missing Authorization vulnerability | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| GHSA-m9m2-f9hg-rh66 When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| GHSA-8m2w-p6c5-hh6c Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-2791 When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2791 When creating a playbook run via the /dialog API, Mattermost fails to ... | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2788 Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated. | CVSS3: 6.2 | 0% Низкий | около 2 лет назад |
| CVE-2023-2788 Mattermost fails to check if an admin user account active after an oau ... | CVSS3: 6.2 | 0% Низкий | около 2 лет назад |
| CVE-2023-2787 Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
| CVE-2023-2787 Mattermost fails to check channel membership when accessing message th ... | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу