Security Vulnerabilities - CVEs Published In June 2020
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
CVSS Score
2.7
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-06-19
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19