CVE-2017-18900
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
Source: CVE-2017-18900
[월:] 2020년 06월
CVE-2017-18898
CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
Source: CVE-2017-18898
CVE-2017-18910
CVE-2017-18910
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
Source: CVE-2017-18910
CVE-2017-18904
CVE-2017-18904
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.
Source: CVE-2017-18904
CVE-2017-18909
CVE-2017-18909
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.
Source: CVE-2017-18909
CVE-2017-18895
CVE-2017-18895
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
Source: CVE-2017-18895
CVE-2017-18911
CVE-2017-18911
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
Source: CVE-2017-18911
CVE-2017-18888
CVE-2017-18888
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
Source: CVE-2017-18888
CVE-2017-18890
CVE-2017-18890
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
Source: CVE-2017-18890
CVE-2017-18887
CVE-2017-18887
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator’s e-mail address to members.
Source: CVE-2017-18887