An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
Published at: June 19, 2020 at 01:15PM
View on website
Etiqueta: government
New vulnerability on the NVD: CVE-2018-21254
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.
Published at: June 19, 2020 at 01:15PM
View on website
New vulnerability on the NVD: CVE-2018-21255
An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.
Published at: June 19, 2020 at 01:15PM
View on website
New vulnerability on the NVD: CVE-2018-21257
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.
Published at: June 19, 2020 at 01:15PM
View on website
New vulnerability on the NVD: CVE-2018-21258
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.
Published at: June 19, 2020 at 01:15PM
View on website
Educ Arte Económico 