Mattermost is a secure collaboration platform that brings your teams, tools and processes together to accelerate mission-critical work.
Release cycle, vulnerability information
Release schedule
Count: 245
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-2783 Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| CVE-2023-2783 Mattermost Apps Framework fails to verify that a secret provided in th ... | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| GHSA-vc9q-cghx-53cj Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| CVE-2023-2808 Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| CVE-2023-2808 Mattermost fails to normalize UTF confusable characters when determini ... | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| CVE-2023-2514 Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization. | CVSS3: 6.7 | 0% Low | more than 2 years ago |
| CVE-2023-2514 Mattermost Server fails to redact the DB username and password before e ... | CVSS3: 6.7 | 0% Low | more than 2 years ago |
| GHSA-9h27-89mr-2qm2 Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | CVSS3: 6.5 | 0% Low | more than 2 years ago |
| CVE-2023-2193 Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | CVSS3: 6.5 | 0% Low | more than 2 years ago |
| CVE-2023-2193 Mattermost fails to invalidate existing authorization codes when deaut ... | CVSS3: 6.5 | 0% Low | more than 2 years ago |