- https://chat.dhs.gov/login
- "name": "Mattermost",
- "short_name": "Mattermost",
- "orientation": "any",
- "display": "standalone",
- "start_url": "..",
- "description": "Mattermost is an open source, self-hosted Slack-alternative",
- # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
- 1 | CVE-2020-14460 | 269 |  |  | 2020-06-19 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | Partial | None
- An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
- 2 | CVE-2020-14459 | 20 |  |  | 2020-06-19 | 2020-06-19 | 5.0 | None | Remote | Low | Not required | None | Partial | None
- An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.
- 3 | CVE-2020-14458 | 200 |  | +Info | 2020-06-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
- An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.
- 4 | CVE-2020-14457 | 862 |  |  | 2020-06-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
- An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.
- 5 | CVE-2020-14456 | 346 |  |  | 2020-06-19 | 2020-06-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
- An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.
- 6 | CVE-2020-14455 | 287 |  |  | 2020-06-19 | 2020-06-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
- An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.
- 7 | CVE-2020-14454 | 601 |  |  | 2020-06-19 | 2020-06-25 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
- An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.