CVE-2019-20844
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
Source: CVE-2019-20844
[월:] 2020년 06월
CVE-2019-20845
CVE-2019-20845
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
Source: CVE-2019-20845
CVE-2019-20846
CVE-2019-20846
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
Source: CVE-2019-20846
CVE-2019-20847
CVE-2019-20847
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
Source: CVE-2019-20847
CVE-2019-20848
CVE-2019-20848
An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies.
Source: CVE-2019-20848
CVE-2019-20849
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
Source: CVE-2019-20849
CVE-2019-20850
CVE-2019-20850
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
Source: CVE-2019-20850
CVE-2019-20841
CVE-2019-20841
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
Source: CVE-2019-20841
CVE-2019-20843
CVE-2019-20843
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
Source: CVE-2019-20843