ATTENTION‼ New - CVE-2017-18870
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
🕴 Cloud Security Alliance Offers Tips to Protect Telehealth Data 🕴
via "Dark Reading".
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
ATTENTION‼ New - CVE-2017-18898
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
ATTENTION‼ New - CVE-2017-18897
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
ATTENTION‼ New - CVE-2017-18896
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
ATTENTION‼ New - CVE-2017-18895
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
ATTENTION‼ New - CVE-2017-18894
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes, resource-owner authorization is bypassed, allowing account takeover.
ATTENTION‼ New - CVE-2017-18893
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
ATTENTION‼ New - CVE-2017-18892
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
ATTENTION‼ New - CVE-2017-18891
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows phishing because an error page can have a link.
ATTENTION‼ New - CVE-2017-18890
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
ATTENTION‼ New - CVE-2017-18889
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
ATTENTION‼ New - CVE-2017-18888
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
ATTENTION‼ New - CVE-2017-18887
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
ATTENTION‼ New - CVE-2017-18886
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
ATTENTION‼ New - CVE-2017-18885
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
ATTENTION‼ New - CVE-2017-18884
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
ATTENTION‼ New - CVE-2017-18883
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
ATTENTION‼ New - CVE-2017-18882
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
ATTENTION‼ New - CVE-2017-18881
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
ATTENTION‼ New - CVE-2017-18880
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.