Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 239
CVE-2023-2786
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.
CVE-2023-2786
Mattermost fails to properly check thepermissions when executing comma ...
CVE-2023-2784
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.
CVE-2023-2784
Mattermost fails to verify if the requestor is a sysadmin or not, befo ...
CVE-2023-2783
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.
CVE-2023-2783
Mattermost Apps Framework fails to verify that a secret provided in th ...
GHSA-vc9q-cghx-53cj
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
CVE-2023-2808
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
CVE-2023-2808
Mattermost fails to normalize UTF confusable characters when determini ...
CVE-2023-2514
Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-2786 Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2786 Mattermost fails to properly check thepermissions when executing comma ... | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2784 Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. | CVSS3: 4.2 | 0% Низкий | около 2 лет назад |
| CVE-2023-2784 Mattermost fails to verify if the requestor is a sysadmin or not, befo ... | CVSS3: 4.2 | 0% Низкий | около 2 лет назад |
| CVE-2023-2783 Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2783 Mattermost Apps Framework fails to verify that a secret provided in th ... | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| GHSA-vc9q-cghx-53cj Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2808 Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2808 Mattermost fails to normalize UTF confusable characters when determini ... | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-2514 Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | CVSS3: 6.7 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу