CVE-2019-20870
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post’s file ID. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel’s post loading via one crafted post. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled. Date published...
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person’s GitHub account. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team’s slash commands. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. Date published : 2020-06-19...
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. Date published...
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. Date published : 2020-06-19 https://mattermost.com/security-updates/