Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Username and Icon override can be used by members when Hardened Mode is enabled
Vulnerability Description
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 存在安全漏洞,该漏洞源于在发布帖子时覆盖用户名和/或图标时,无法检查是否启用了强化模式。 如果设置允许集成在发帖时覆盖用户名和个人资料图片,则即使启用了强化模式设置,成员也可以在发帖时覆盖用户名和图标。
CVSS Information
N/A
Vulnerability Type
N/A