Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 264
CVE-2023-1562
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.
CVE-2023-1562
Mattermost fails to check the "Show Full Name" setting when rendering ...
GHSA-7rfw-qh9g-vg98
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
GHSA-j3wj-gffr-9v8h
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.
CVE-2023-27264
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
CVE-2023-27264
A missing permissions check in Mattermost Playbooks in Mattermost allo ...
CVE-2023-27263
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.
CVE-2023-27263
A missing permissions check in the /plugins/playbooks/api/v0/runs API ...
GHSA-v42f-hq78-8c5m
Denial of service in Mattermost
CVE-2022-4045
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-1562 Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner. | CVSS3: 3.5 | 0% Низкий | почти 3 года назад |
| CVE-2023-1562 Mattermost fails to check the "Show Full Name" setting when rendering ... | CVSS3: 3.5 | 0% Низкий | почти 3 года назад |
| GHSA-7rfw-qh9g-vg98 A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| GHSA-j3wj-gffr-9v8h A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| CVE-2023-27264 A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | CVSS3: 7.1 | 0% Низкий | почти 3 года назад |
| CVE-2023-27264 A missing permissions check in Mattermost Playbooks in Mattermost allo ... | CVSS3: 7.1 | 0% Низкий | почти 3 года назад |
| CVE-2023-27263 A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
| CVE-2023-27263 A missing permissions check in the /plugins/playbooks/api/v0/runs API ... | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
| GHSA-v42f-hq78-8c5m Denial of service in Mattermost | CVSS3: 6.5 | 0% Низкий | около 3 лет назад |
| CVE-2022-4045 A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. | CVSS3: 3.1 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу