Vulnerability Information
Vulnerability Title
Incorrect defaults can cause attackers to bypass rate limitations
Vulnerability Description
Incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limitations in place, or to use manipulated IPs for audit logging, by manipulating the request headers.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Incorrect Default Permissions
Vulnerability Title
Mattermost Security Vulnerability
Vulnerability Description
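Mattermost is an open-source collaboration platform from the US company Mattermost. Mattermost version 6.7.0 contains a security vulnerability that stems from an incorrect default configuration of the trusted IP header, which allows attackers to bypass some of the existing rate limits; by exploiting this vulnerability, an attacker can use manipulated IPs for audit logging.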
CVSS Information
N/A
Vulnerability Type
N/A