Количество 4
Количество 4
CVE-2023-45316
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.
CVE-2023-45316
Mattermost fails to validate if a relative path is passed in /plugins/ ...
GHSA-2pgg-h82p-8cpr
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack.
BDU:2024-00227
Уязвимость компонента /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> приложения для обмена мгновенными сообщениями Mattermost, позволяющая нарушителю осуществить CSRF-атаку
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-45316 Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. | CVSS3: 7.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-45316 Mattermost fails to validate if a relative path is passed in /plugins/ ... | CVSS3: 7.3 | 0% Низкий | около 2 лет назад |
| GHSA-2pgg-h82p-8cpr Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. | CVSS3: 7.3 | 0% Низкий | около 2 лет назад |
 | BDU:2024-00227 Уязвимость компонента /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> приложения для обмена мгновенными сообщениями Mattermost, позволяющая нарушителю осуществить CSRF-атаку | CVSS3: 8.8 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу