Mattermost is a secure collaboration platform that brings your teams, tools and processes together to accelerate mission-critical work.
Release cycle, vulnerability information
Release schedule
Count: 232

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2023-47865 Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled | CVSS3: 4.3 | 0% Low | more than 1 year ago |
CVE-2023-47865 Mattermost fails to check if hardened mode is enabled when overriding ... | CVSS3: 4.3 | 0% Low | more than 1 year ago |
GHSA-r67m-mf7v-qp7j Mattermost password hash disclosure vulnerability | CVSS3: 4.9 | 0% Low | more than 1 year ago |
GHSA-xvq6-h898-wcj8 Mattermost denial of service vulnerability | CVSS3: 4.3 | 0% Low | more than 1 year ago |
GHSA-w496-f5qq-m58j Mattermost vulnerable to excessive memory consumption | CVSS3: 5.3 | 0% Low | more than 1 year ago |
CVE-2023-5969 Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items. | CVSS3: 5.3 | 0% Low | more than 1 year ago |
CVE-2023-5969 Mattermost fails to properly sanitize the request to /api/v4/redirect_l ... | CVSS3: 5.3 | 0% Low | more than 1 year ago |
CVE-2023-5968 Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | CVSS3: 4.9 | 0% Low | more than 1 year ago |
CVE-2023-5968 Mattermost fails to properly sanitize the user object when updating th ... | CVSS3: 4.9 | 0% Low | more than 1 year ago |
CVE-2023-5967 Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin | CVSS3: 4.3 | 0% Low | more than 1 year ago |