CVE-2019-20873
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.
Source: CVE-2019-20873
[월:] 2020년 06월
CVE-2019-20866
CVE-2019-20866
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.
Source: CVE-2019-20866
CVE-2019-20865
CVE-2019-20865
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
Source: CVE-2019-20865
CVE-2019-20869
CVE-2019-20869
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
Source: CVE-2019-20869
CVE-2019-20867
CVE-2019-20867
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel’s post loading via one crafted post.
Source: CVE-2019-20867
CVE-2019-20868
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
Source: CVE-2019-20868
CVE-2020-14470
CVE-2020-14470
In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.
Source: CVE-2020-14470
CVE-2019-20870
CVE-2019-20870
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post’s file ID.
Source: CVE-2019-20870
CVE-2019-20874
CVE-2019-20874
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.
Source: CVE-2019-20874
CVE-2019-20872
CVE-2019-20872
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
Source: CVE-2019-20872