exploitDog
Mattermost

Mattermost is a secure collaboration platform that brings together your teams, tools and processes to accelerate mission-critical work.

Release cycle and vulnerability information

Product: Mattermost
Vendor: Mattermost

Release schedule

[Release timeline chart: Mattermost versions by year, 2021 to 2030]

Recent Mattermost vulnerabilities

Count: 232


| Source | Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|---|
| GitHub | GHSA-hvvh-wh5g-3ppr | Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | | 0% (Low) | more than 3 years ago |
| NVD | CVE-2021-37861 | Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | CVSS3: 5.8 | 0% (Low) | more than 3 years ago |
| Debian | CVE-2021-37861 | Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ... | CVSS3: 5.8 | 0% (Low) | more than 3 years ago |
| GitHub | GHSA-hv5f-73mr-7vvj | Cross-site Scripting in Mattermost | CVSS3: 6.1 | 0% (Low) | more than 3 years ago |
| NVD | CVE-2021-37860 | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. | CVSS3: 3.7 | 0% (Low) | more than 3 years ago |
| Debian | CVE-2021-37860 | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ... | CVSS3: 3.7 | 0% (Low) | more than 3 years ago |
| NVD | CVE-2021-37859 | Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | CVSS3: 7.1 | 45% (Medium) | almost 4 years ago |
| Debian | CVE-2021-37859 | Fixed a bypass for a reflected cross-site scripting vulnerability affe ... | CVSS3: 7.1 | 45% (Medium) | almost 4 years ago |
| NVD | CVE-2020-13891 | An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | CVSS3: 7.5 | 0% (Low) | almost 5 years ago |
| NVD | CVE-2019-20851 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. | CVSS3: 9.1 | 1% (Low) | almost 5 years ago |
