Monthly Archive: June 2020

CVE-2018-21254

An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. Date published: 2020-06-19 https://mattermost.com/security-updates/

CVE-2018-21253

An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. Date published: 2020-06-19 https://mattermost.com/security-updates/

CVE-2018-21252

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. Date published: 2020-06-19 https://mattermost.com/security-updates/

CVE-2018-21251

An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. Date published: 2020-06-19 https://mattermost.com/security-updates/

CVE-2018-21250

An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. Date published: 2020-06-19 https://mattermost.com/security-updates/

CVE-2019-20888

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. Date...

CVE-2019-20887

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. Date published: 2020-06-19 https://mattermost.com/security-updates/