Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 239
CVE-2023-2514
Mattermost Sever fails to redact the DB username and password before e ...
GHSA-9h27-89mr-2qm2
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.

CVE-2023-2193
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVE-2023-2193
Mattermost fails to invalidate existing authorization codes when deaut ...
GHSA-w3q2-jmrg-5rfm
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.

CVE-2023-1562
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.
CVE-2023-1562
Mattermost fails to check the "Show Full Name" setting when rendering ...
GHSA-7rfw-qh9g-vg98
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
GHSA-j3wj-gffr-9v8h
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.

CVE-2023-27264
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
---|---|---|---|---|
CVE-2023-2514 Mattermost Sever fails to redact the DB username and password before e ... | CVSS3: 6.7 | 0% Низкий | около 2 лет назад | |
GHSA-9h27-89mr-2qm2 Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад | |
![]() | CVE-2023-2193 Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
CVE-2023-2193 Mattermost fails to invalidate existing authorization codes when deaut ... | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад | |
GHSA-w3q2-jmrg-5rfm Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад | |
![]() | CVE-2023-1562 Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner. | CVSS3: 3.5 | 0% Низкий | больше 2 лет назад |
CVE-2023-1562 Mattermost fails to check the "Show Full Name" setting when rendering ... | CVSS3: 3.5 | 0% Низкий | больше 2 лет назад | |
GHSA-7rfw-qh9g-vg98 A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад | |
GHSA-j3wj-gffr-9v8h A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад | |
![]() | CVE-2023-27264 A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | CVSS3: 7.1 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу