ATTENTION‼ New - CVE-2017-18894
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. In some cases, resource-owner authorization is bypassed, allowing account takeover.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18893
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18892
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18891
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows phishing because an error page can contain a link.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18890
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18889
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fake system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18888
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
via "National Vulnerability Database".
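The NVD entry does not say where the injection sits, so the following is an added illustration of the general failure mode behind "fetching multiple posts" rather than Mattermost's own code: a list of client-supplied post IDs spliced into an IN (...) clause by string concatenation, beside the parameterized form that passes the IDs as bind arguments. The table and column names, the PostgreSQL-style $n placeholders and the sample IDs are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample input: a batch of post IDs as a client might pass
// them to a "get several posts" endpoint. The third one carries a
// quote-breaking payload.
var samplePostIDs = []string{
	"p1a2b3",
	"q4r5s6",
	"x' OR '1'='1",
}

// unsafePostsQuery shows the vulnerable pattern: each ID is spliced into
// the SQL text, so a quote inside an ID rewrites the WHERE clause.
func unsafePostsQuery(ids []string) string {
	quoted := make([]string, len(ids))
	for i, id := range ids {
		quoted[i] = "'" + id + "'"
	}
	return "SELECT * FROM Posts WHERE Id IN (" + strings.Join(quoted, ", ") + ")"
}

// safePostsQuery builds the same query with one placeholder per ID and
// hands the IDs back as bind arguments, so the driver sends them as data
// and never parses them as SQL. Placeholders use PostgreSQL's $n form;
// for MySQL every placeholder would be "?".
func safePostsQuery(ids []string) (string, []interface{}) {
	if len(ids) == 0 {
		// "IN ()" is a syntax error on most databases; match nothing instead.
		return "SELECT * FROM Posts WHERE 1 = 0", nil
	}
	placeholders := make([]string, len(ids))
	args := make([]interface{}, len(ids))
	for i, id := range ids {
		placeholders[i] = fmt.Sprintf("$%d", i+1)
		args[i] = id
	}
	query := "SELECT * FROM Posts WHERE Id IN (" + strings.Join(placeholders, ", ") + ")"
	return query, args
}

func main() {
	fmt.Println("vulnerable:", unsafePostsQuery(samplePostIDs))
	query, args := safePostsQuery(samplePostIDs)
	fmt.Println("parameterized:", query)
	fmt.Println("bound args:", args)
	// With database/sql the call would be db.Query(query, args...).
}
```

The point to check in a real code base is that the number of placeholders is derived from the length of the argument slice, never from a client-supplied string, and that the IDs only ever travel through the args slice.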
ATTENTION‼ New - CVE-2017-18887
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18886
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18885
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18884
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18883
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 service provider. There is low entropy for authorization data.
via "National Vulnerability Database".
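"Low entropy for authorization data" in an OAuth 2.0 provider means codes or tokens an attacker can guess or reproduce. The NVD text does not say how the values were generated, so the weak construction below is only an illustration of the class of bug, not Mattermost's code; the strong version is what a provider should do: 256 bits from the OS CSPRNG, URL-safe encoded, which clears the 2^-128 guessing bound RFC 6749 section 10.10 sets for generated credentials. This is an added example; function names and the 32-byte length are choices made here.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
	"time"
)

// RFC 6749 section 10.10 requires that generated credentials such as
// authorization codes be guessable with probability at most 2^-128;
// 32 random bytes gives 256 bits, leaving headroom.
const codeBytes = 32

// newAuthorizationCode draws codeBytes from the operating system's CSPRNG
// and encodes them URL-safely without padding, which suits a code that
// travels in a redirect query string.
func newAuthorizationCode() (string, error) {
	b := make([]byte, codeBytes)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("csprng unavailable: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// weakAuthorizationCode is an illustrative low-entropy construction of the
// kind the advisory warns about (an assumption for the example, not
// Mattermost's actual code): a non-cryptographic PRNG seeded from the
// clock yields a 32-bit value, so an attacker who knows roughly when the
// code was issued can enumerate candidate seeds and reproduce it.
func weakAuthorizationCode(issuedAt time.Time) string {
	r := mrand.New(mrand.NewSource(issuedAt.UnixNano()))
	return fmt.Sprintf("%08x", r.Uint32())
}

// entropyBits is the security level of a code built from n random bytes.
func entropyBits(n int) int { return n * 8 }

// decodedLen checks that a code round-trips to the expected number of
// random bytes, a cheap regression test for the token format.
func decodedLen(code string) (int, error) {
	b, err := base64.RawURLEncoding.DecodeString(code)
	if err != nil {
		return 0, err
	}
	return len(b), nil
}

func main() {
	strong, err := newAuthorizationCode()
	if err != nil {
		panic(err)
	}
	fmt.Printf("strong code (%d bits): %s\n", entropyBits(codeBytes), strong)

	issued := time.Now()
	fmt.Println("weak code:         ", weakAuthorizationCode(issued))
	fmt.Println("weak code replayed:", weakAuthorizationCode(issued)) // identical: fully determined by the seed
}
```

When auditing a provider, look for math/rand, timestamps, counters or hashes of user identifiers anywhere in the path that produces authorization codes, access tokens, refresh tokens or the state value; any of them caps the entropy far below what the RFC demands.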
ATTENTION‼ New - CVE-2017-18882
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18881
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18880
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2017-18879
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
via "National Vulnerability Database".
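The last three entries (CVE-2017-18881, CVE-2017-18880 and CVE-2017-18879) share a shape: a URL field supplied by an integration (a slash command's goto_location, an attachment's title_link or author_link) that the client then navigates to or renders as a link. The NVD text does not name the payload; the classic vector for such fields is a non-http scheme such as javascript:, so the added example below (not Mattermost's code) applies the standard defence, a scheme allowlist on the server before the field ever reaches a browser. The struct, function names and sample attachment are assumptions made for the example; the field names follow the Slack attachment format the advisories cite.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// slackAttachment holds the link-bearing fields an integration can post.
// Field names follow the Slack attachment format; everything else about
// this type is an assumption for the example.
type slackAttachment struct {
	Title      string
	TitleLink  string `json:"title_link"`
	AuthorName string
	AuthorLink string `json:"author_link"`
}

var errUnsafeScheme = errors.New("link scheme not allowed")

// safeLink accepts only absolute http(s) URLs with a host and rejects
// everything else: javascript:, data:, vbscript:, scheme-relative "//host"
// forms, and inputs Go's parser refuses (control characters, for instance).
// Scheme matching is case-insensitive because browsers treat it that way.
// It returns the canonical form of the link to render, or "" for an
// empty field, which renders as plain text.
func safeLink(raw string) (string, error) {
	trimmed := strings.TrimSpace(raw)
	if trimmed == "" {
		return "", nil
	}
	u, err := url.Parse(trimmed)
	if err != nil {
		return "", err
	}
	switch strings.ToLower(u.Scheme) {
	case "http", "https":
		if u.Host == "" {
			return "", errUnsafeScheme
		}
		return u.String(), nil
	default:
		return "", errUnsafeScheme
	}
}

// sanitizeAttachment blanks any link field that fails safeLink, so the
// client only ever sees http(s) URLs in title_link and author_link. The
// same check applies to a goto_location value before it is returned to
// the client.
func sanitizeAttachment(a slackAttachment) slackAttachment {
	if l, err := safeLink(a.TitleLink); err != nil {
		a.TitleLink = ""
	} else {
		a.TitleLink = l
	}
	if l, err := safeLink(a.AuthorLink); err != nil {
		a.AuthorLink = ""
	} else {
		a.AuthorLink = l
	}
	return a
}

func main() {
	// Constructed sample attachment as a malicious integration might post it.
	in := slackAttachment{
		Title:      "Build report",
		TitleLink:  "javascript:alert(document.cookie)",
		AuthorName: "ci-bot",
		AuthorLink: "https://ci.example.com/bots/ci-bot",
	}
	out := sanitizeAttachment(in)
	fmt.Printf("title_link  %q -> %q\n", in.TitleLink, out.TitleLink)
	fmt.Printf("author_link %q -> %q\n", in.AuthorLink, out.AuthorLink)
}
```

An allowlist of schemes is the right shape here; a denylist of "javascript:" alone misses mixed case, leading whitespace, and other active schemes, and it leaves the client to make the same decision again.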
❌ Former DIA Analyst Sentenced to Prison Over Data Leak ❌
A former Defense Intelligence Agency analyst leaked classified information to two journalists - one of whom he was dating - shedding light on insider threats.
via "Threatpost".
🕴 Australian Government Under Ongoing Cyberattack 🕴
Experts believe China is behind the attack campaign, but China denies responsibility.
via "Dark Reading".
ATTENTION‼ New - CVE-2017-18878
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
via "National Vulnerability Database".
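Read as described, this is a missing ownership check on the revoke operation: the session ID identifies the object, but nothing ties the operation to the caller who is allowed to act on it. The added example below (not Mattermost's code; the store, session shape and names are assumptions for the illustration) shows the unchecked version beside one that requires the caller to own the session or be an admin, using an in-memory map in place of the sessions table.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// session is a minimal stand-in for a server-side session record.
type session struct {
	ID     string
	UserID string
}

var (
	errSessionNotFound = errors.New("session not found")
	errNotOwner        = errors.New("session belongs to another user")
)

// sessionStore is an in-memory substitute for the sessions table.
type sessionStore struct {
	mu       sync.Mutex
	sessions map[string]session
}

func newSessionStore(seed ...session) *sessionStore {
	s := &sessionStore{sessions: make(map[string]session, len(seed))}
	for _, sess := range seed {
		s.sessions[sess.ID] = sess
	}
	return s
}

// revokeUnchecked reproduces the flaw as the advisory describes it:
// whoever knows a session ID can revoke it, owner unchecked.
func (s *sessionStore) revokeUnchecked(sessionID string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.sessions[sessionID]; !ok {
		return errSessionNotFound
	}
	delete(s.sessions, sessionID)
	return nil
}

// revoke ties the operation to the authenticated caller: a non-admin may
// only revoke sessions whose UserID equals their own. The two failure
// cases return distinct errors here so a test can tell them apart; a
// real handler should map both to the same 404 so the endpoint cannot be
// used to confirm that a session ID exists.
func (s *sessionStore) revoke(callerUserID string, callerIsAdmin bool, sessionID string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[sessionID]
	if !ok {
		return errSessionNotFound
	}
	if !callerIsAdmin && sess.UserID != callerUserID {
		return errNotOwner
	}
	delete(s.sessions, sessionID)
	return nil
}

// has reports whether a session is still active.
func (s *sessionStore) has(sessionID string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	_, ok := s.sessions[sessionID]
	return ok
}

func main() {
	// Constructed data: two users, one session each.
	store := newSessionStore(
		session{ID: "sess-alice-1", UserID: "alice"},
		session{ID: "sess-bob-1", UserID: "bob"},
	)
	fmt.Println("alice revokes bob's session (checked):  ", store.revoke("alice", false, "sess-bob-1"))
	fmt.Println("alice revokes her own session (checked):", store.revoke("alice", false, "sess-alice-1"))
	fmt.Println("alice revokes bob's session (unchecked):", store.revokeUnchecked("sess-bob-1"))
	fmt.Println("bob still logged in:", store.has("sess-bob-1"))
}
```

The caller identity must come from the authenticated request context, never from a user_id parameter in the request body, or the check is only as strong as the client's honesty.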
ATTENTION‼ New - CVE-2017-18874
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
via "National Vulnerability Database".
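The entry does not say which input carried the traversal, only that it affects the local file storage backend and is reachable by a System Admin. As an added example (not Mattermost's code), here is the check a local storage backend needs on any path it derives from input: join it to the storage root, clean it, and reject the result unless it stays under the root. The root directory, function names and sample paths are assumptions for the illustration; the check is on the lexical path only, see the note after the block about symlinks.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errOutsideRoot = errors.New("path escapes the storage root")

// resolveStoragePath maps a caller-supplied relative path onto the local
// storage directory and refuses anything that would land outside it.
// The decision is made on the cleaned, joined path, so "..", "./",
// doubled separators and a ".." segment hidden mid-path are all caught
// and rejected rather than silently rewritten.
func resolveStoragePath(root, userPath string) (string, error) {
	if userPath == "" || filepath.IsAbs(userPath) {
		return "", errOutsideRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	full := filepath.Join(absRoot, userPath) // Join also runs Clean
	rel, err := filepath.Rel(absRoot, full)
	if err != nil {
		return "", err
	}
	// "." is the root itself (not a file); ".." or "../x" lies outside it.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideRoot
	}
	return full, nil
}

func main() {
	root := "/srv/mattermost/data" // assumed local storage directory for the example
	for _, p := range []string{
		"teams/t1/channels/c1/report.pdf",
		"teams/../../etc/passwd",
		"/etc/passwd",
	} {
		got, err := resolveStoragePath(root, p)
		fmt.Printf("%-32q -> %q %v\n", p, got, err)
	}
}
```

This catches lexical traversal only. If the storage directory can contain symlinks, resolve the candidate with filepath.EvalSymlinks (and the root the same way) and repeat the Rel check on the resolved paths, otherwise a link inside the root still points outside it.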
ATTENTION‼ New - CVE-2017-18873
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
via "National Vulnerability Database".