Mattermost — безопасная платформа для совместной работы, позволяющая объединить ваши команды, инструменты и процессы для ускорения критически важной работы.
Релизный цикл, информация об уязвимостях
График релизов
Количество 264
CVE-2021-37864
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
CVE-2021-37864
Mattermost 6.1 and earlier fails to sufficiently validate permissions ...
GHSA-hvvh-wh5g-3ppr
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.
CVE-2021-37861
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.
CVE-2021-37861
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...
GHSA-hv5f-73mr-7vvj
Cross-site Scripting in Mattermost
CVE-2021-37860
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.
CVE-2021-37860
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...
CVE-2021-37859
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.
CVE-2021-37859
Fixed a bypass for a reflected cross-site scripting vulnerability affe ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-37864 Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs. | CVSS3: 2.6 | 0% Низкий | около 4 лет назад |
| CVE-2021-37864 Mattermost 6.1 and earlier fails to sufficiently validate permissions ... | CVSS3: 2.6 | 0% Низкий | около 4 лет назад |
| GHSA-hvvh-wh5g-3ppr Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | 0% Низкий | около 4 лет назад | |
| CVE-2021-37861 Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | CVSS3: 5.8 | 0% Низкий | около 4 лет назад |
| CVE-2021-37861 Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ... | CVSS3: 5.8 | 0% Низкий | около 4 лет назад |
| GHSA-hv5f-73mr-7vvj Cross-site Scripting in Mattermost | CVSS3: 6.1 | 0% Низкий | больше 4 лет назад |
| CVE-2021-37860 Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. | CVSS3: 3.7 | 0% Низкий | больше 4 лет назад |
| CVE-2021-37860 Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ... | CVSS3: 3.7 | 0% Низкий | больше 4 лет назад |
| CVE-2021-37859 Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | CVSS3: 7.1 | 45% Средний | больше 4 лет назад |
| CVE-2021-37859 Fixed a bypass for a reflected cross-site scripting vulnerability affe ... | CVSS3: 7.1 | 45% Средний | больше 4 лет назад |
Уязвимостей на страницу