Monthly Archive: June 2020

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. Date published :...

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. Date published : 2020-06-19 https://mattermost.com/security-updates/

An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. Date published : 2020-06-19 https://mattermost.com/security-updates/