Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 8.1.10之前的8.1.x版本、9.2.6之前的9.2.x版本、9.3.2之前的9.3.x版本和9.4.3之前的9.4.x版本存在安全漏洞,该漏洞源于无法正确验证帐户所有权,从而导致经过身份验证的攻击者在特定条件下通过精心设计的切换请求接管其他用户帐户。
CVSS Information
N/A
Vulnerability Type
N/A