An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. Date published : 2020-06-19 https://mattermost.com/security-updates/
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021. Date published : 2020-06-19 https://mattermost.com/security-updates/
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. Date published : 2020-06-19 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNMCV2DJJTX345YYBXAMJBXNNVUZQ5UH/ https://github.com/open-iscsi/rtslib-fb/pull/162
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit...
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13277.json https://gitlab.com/gitlab-org/gitlab/-/issues/220972
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13276.json https://gitlab.com/gitlab-org/gitlab/-/issues/25994
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1 Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13275.json https://gitlab.com/gitlab-org/gitlab/-/issues/209254
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 Date published : 2020-06-19 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13274.json https://gitlab.com/gitlab-org/gitlab/-/issues/14195