» 2020 » 6월

CVE-2017-18891

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2017-18891

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.

Source: CVE-2017-18891

CVE-2017-18892

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2017-18892

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.

Source: CVE-2017-18892

CVE-2017-18893

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2017-18893

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.

Source: CVE-2017-18893

CVE-2017-18894

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2017-18894

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.

Source: CVE-2017-18894

CVE-2017-18874

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2017-18874

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.

Source: CVE-2017-18874

CVE-2020-8167

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2020-8167

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

Source: CVE-2020-8167

CVE-2020-8165

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

Source: CVE-2020-8165

CVE-2020-13277

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2020-13277

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

Source: CVE-2020-13277

CVE-2020-3972

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2020-3972

VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.

Source: CVE-2020-3972

CVE-2018-21264

Posted on 2020년 6월 20일2020년 6월 20일 by admin

CVE-2018-21264

An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.

Source: CVE-2018-21264