漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Authorized users are allowed to install old plugin versions from the Marketplace
Vulnerability Description
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对废弃函数的使用
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 6.4.x 及更早版本存在安全漏洞,该漏洞允许经过身份验证和授权的用户从 Marketplace 安装和利用可能存在已知漏洞的旧版本插件。
CVSS Information
N/A
Vulnerability Type
N/A