ATTENTION‼ New - CVE-2017-18889
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
ATTENTION‼ New - CVE-2017-18888
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
ATTENTION‼ New - CVE-2017-18887
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
ATTENTION‼ New - CVE-2017-18886
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
ATTENTION‼ New - CVE-2017-18885
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
ATTENTION‼ New - CVE-2017-18884
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
ATTENTION‼ New - CVE-2017-18883
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
ATTENTION‼ New - CVE-2017-18882
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
ATTENTION‼ New - CVE-2017-18881
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
ATTENTION‼ New - CVE-2017-18880
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.
ATTENTION‼ New - CVE-2017-18879
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
❌ Former DIA Analyst Sentenced to Prison Over Data Leak ❌
via "Threatpost".
A former Defense Intelligence Agency analyst leaked classified information to two journalists - one of whom he was dating - shedding light on insider threats.
🕴 Australian Government Under Ongoing Cyberattack 🕴
via "Dark Reading".
Experts believe China is behind the attack campaign, but China denies responsibility.
ATTENTION‼ New - CVE-2017-18878
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
ATTENTION‼ New - CVE-2017-18874
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
ATTENTION‼ New - CVE-2017-18873
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
ATTENTION‼ New - CVE-2017-18872
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
ATTENTION‼ New - CVE-2016-11084
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
ATTENTION‼ New - CVE-2016-11083
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
ATTENTION‼ New - CVE-2016-11082
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
ATTENTION‼ New - CVE-2016-11081
via "National Vulnerability Database".
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.