CVE-2017-18886
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user’s behalf. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user’s session. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. Date published :...
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. Date published : 2020-06-19 https://mattermost.com/security-updates/