ATTENTION‼ New - CVE-2018-21253
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
ATTENTION‼ New - CVE-2018-21251
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
ATTENTION‼ New - CVE-2018-21250
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.
ATTENTION‼ New - CVE-2018-21249
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.
ATTENTION‼ New - CVE-2018-21248
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
ATTENTION‼ New - CVE-2017-18877
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
ATTENTION‼ New - CVE-2017-18876
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
ATTENTION‼ New - CVE-2017-18875
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.
ATTENTION‼ New - CVE-2017-18871
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.
ATTENTION‼ New - CVE-2017-18870
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
🕴 Cloud Security Alliance Offers Tips to Protect Telehealth Data 🕴
via "Dark Reading".
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
ATTENTION‼ New - CVE-2017-18898
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
ATTENTION‼ New - CVE-2017-18897
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
ATTENTION‼ New - CVE-2017-18896
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
ATTENTION‼ New - CVE-2017-18895
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
ATTENTION‼ New - CVE-2017-18894
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes, resource-owner authorization is bypassed, allowing account takeover.
ATTENTION‼ New - CVE-2017-18893
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
ATTENTION‼ New - CVE-2017-18892
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
ATTENTION‼ New - CVE-2017-18891
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows phishing because an error page can have a link.
ATTENTION‼ New - CVE-2017-18890
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
ATTENTION‼ New - CVE-2017-18889
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.