Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 236
CVE-2021-37859
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.
CVE-2021-37859
Fixed a bypass for a reflected cross-site scripting vulnerability affe ...
CVE-2020-13891
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.
CVE-2019-20851
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
CVE-2019-1003026
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.
CVE-2019-1003026
A server-side request forgery vulnerability exists in Jenkins Mattermo ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-37859 Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | CVSS3: 7.1 | 45% Средний | почти 4 года назад |
| CVE-2021-37859 Fixed a bypass for a reflected cross-site scripting vulnerability affe ... | CVSS3: 7.1 | 45% Средний | почти 4 года назад |
| CVE-2020-13891 An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | CVSS3: 7.5 | 0% Низкий | около 5 лет назад |
| CVE-2019-20851 An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. | CVSS3: 9.1 | 1% Низкий | около 5 лет назад |
| CVE-2019-1003026 A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | CVSS3: 4.3 | 0% Низкий | больше 6 лет назад |
| CVE-2019-1003026 A server-side request forgery vulnerability exists in Jenkins Mattermo ... | CVSS3: 4.3 | 0% Низкий | больше 6 лет назад |
Уязвимостей на страницу