CVE-2017-18906
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else’s account.
Source: CVE-2017-18906
[월:] 2020년 06월
CVE-2017-18921
CVE-2017-18921
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
Source: CVE-2017-18921
CVE-2017-18907
CVE-2017-18907
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
Source: CVE-2017-18907
CVE-2017-18908
CVE-2017-18908
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.
Source: CVE-2017-18908
CVE-2017-18913
CVE-2017-18913
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
Source: CVE-2017-18913
CVE-2017-18914
CVE-2017-18914
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
Source: CVE-2017-18914
CVE-2017-18915
CVE-2017-18915
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
Source: CVE-2017-18915
CVE-2017-18916
CVE-2017-18916
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
Source: CVE-2017-18916
CVE-2016-11082
CVE-2016-11082
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
Source: CVE-2016-11082
CVE-2016-11071
CVE-2016-11071
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
Source: CVE-2016-11071