CVE-2016-11076
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
Source: CVE-2016-11076
[월:] 2020년 06월
CVE-2016-11081
CVE-2016-11081
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
Source: CVE-2016-11081
CVE-2016-11080
CVE-2016-11080
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
Source: CVE-2016-11080
CVE-2016-11073
CVE-2016-11073
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
Source: CVE-2016-11073
CVE-2016-11074
CVE-2016-11074
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
Source: CVE-2016-11074
CVE-2016-11075
CVE-2016-11075
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
Source: CVE-2016-11075
CVE-2016-11077
CVE-2016-11077
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
Source: CVE-2016-11077
CVE-2016-11078
CVE-2016-11078
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
Source: CVE-2016-11078
CVE-2016-11069
CVE-2016-11069
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
Source: CVE-2016-11069
CVE-2016-11072
CVE-2016-11072
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
Source: CVE-2016-11072