Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authorized users are allowed to install old plugin versions from the Marketplace
Vulnerability Description
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对废弃函数的使用
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 6.4.x 及更早版本存在安全漏洞,该漏洞允许经过身份验证和授权的用户从 Marketplace 安装和利用可能存在已知漏洞的旧版本插件。
CVSS Information
N/A
Vulnerability Type
N/A