Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 264
CVE-2023-2783
Mattermost Apps Framework fails to verify that a secret provided in th ...
GHSA-vc9q-cghx-53cj
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
CVE-2023-2808
Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.
CVE-2023-2808
Mattermost fails to normalize UTF confusable characters when determini ...
CVE-2023-2514
Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization.
CVE-2023-2514
Mattermost Sever fails to redact the DB username and password before e ...
GHSA-9h27-89mr-2qm2
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVE-2023-2193
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVE-2023-2193
Mattermost fails to invalidate existing authorization codes when deaut ...
GHSA-w3q2-jmrg-5rfm
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2023-2783 Mattermost Apps Framework fails to verify that a secret provided in th ... | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| GHSA-vc9q-cghx-53cj Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-2808 Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2808 Mattermost fails to normalize UTF confusable characters when determini ... | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2514 Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | CVSS3: 6.7 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2514 Mattermost Sever fails to redact the DB username and password before e ... | CVSS3: 6.7 | 0% Низкий | больше 2 лет назад |
| GHSA-9h27-89mr-2qm2 Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| CVE-2023-2193 Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| CVE-2023-2193 Mattermost fails to invalidate existing authorization codes when deaut ... | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| GHSA-w3q2-jmrg-5rfm Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner. | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу