Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 245
CVE-2023-2791
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
CVE-2023-2791
When creating a playbook run via the /dialog API, Mattermost fails to ...
CVE-2023-2788
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.
CVE-2023-2788
Mattermost fails to check if an admin user account active after an oau ...
CVE-2023-2787
Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.
CVE-2023-2787
Mattermost fails to check channel membership when accessing message th ...
CVE-2023-2786
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.
CVE-2023-2786
Mattermost fails to properly check thepermissions when executing comma ...
CVE-2023-2784
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.
CVE-2023-2784
Mattermost fails to verify if the requestor is a sysadmin or not, befo ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-2791 When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2791 When creating a playbook run via the /dialog API, Mattermost fails to ... | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2788 Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated. | CVSS3: 6.2 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2788 Mattermost fails to check if an admin user account active after an oau ... | CVSS3: 6.2 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2787 Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2787 Mattermost fails to check channel membership when accessing message th ... | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2786 Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2786 Mattermost fails to properly check thepermissions when executing comma ... | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2784 Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. | CVSS3: 4.2 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2784 Mattermost fails to verify if the requestor is a sysadmin or not, befo ... | CVSS3: 4.2 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу