ATENTION‼ New - CVE-2018-21260
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21259
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21258
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21257
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21255
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21254
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21253
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21251
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21250
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21249
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-21248
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18877
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18876
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18875
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18871
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18870
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.📖 Read
via "National Vulnerability Database".
🕴 Cloud Security Alliance Offers Tips to Protect Telehealth Data 🕴
📖 Read
via "Dark Reading: ".
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.📖 Read
via "Dark Reading: ".
Dark Reading
Cloud Security Alliance Offers Tips to Protect Telehealth Data
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
ATENTION‼ New - CVE-2017-18898
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18897
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18896
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18895
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.📖 Read
via "National Vulnerability Database".