xGHOSTSECx

Department of Home Improvements

Dec 26th, 2021
https://chat.dhs.gov/login
"name": "Mattermost",
"short_name": "Mattermost",
"orientation": "any",
"display": "standalone",
"start_url": "..",
"description": "Mattermost is an open source, self-hosted Slack-alternative",

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2020-14460 | 269 | | | 2020-06-19 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | Partial | None
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.

2 | CVE-2020-14459 | 20 | | | 2020-06-19 | 2020-06-19 | 5.0 | None | Remote | Low | Not required | None | Partial | None
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.

3 | CVE-2020-14458 | 200 | | +Info | 2020-06-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.

4 | CVE-2020-14457 | 862 | | | 2020-06-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.

5 | CVE-2020-14456 | 346 | | | 2020-06-19 | 2020-06-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.

6 | CVE-2020-14455 | 287 | | | 2020-06-19 | 2020-06-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.

7 | CVE-2020-14454 | 601 | | | 2020-06-19 | 2020-06-25 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.