valid

package

Go to main page

Versions in this module

v6

v6.7.2

Jun 14, 2022 GO-2024-2444 +27 more

GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server

GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server

GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server

GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server

GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server

GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server

GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server

GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server

GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server

GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server

GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server

GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server

GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server

GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server

GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server

GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server

GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server

GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server

GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server

GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server

v6.7.1

Jun 13, 2022 GO-2024-2444 +27 more