Security Vulnerabilities - CVEs Published In June 2020
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-06-19

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2020-06-19

An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-06-19

An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-06-19

An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-06-19

An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-06-19

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-06-19

An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-06-19

CALDERA 2.7.0 allows XSS via the Operation Name box.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-06-19

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-06-19

Shodan ® - All rights reserved