Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Playbook Run Metadata leak to Guest
Vulnerability Description
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL query request to the server
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Mattermost Server 安全漏洞
Vulnerability Description
Mattermost Server是美国Mattermost公司的一套开源的消息传递平台。 Mattermost Server存在安全漏洞,该漏洞源于无法执行适当的访问控制,导致无权限访客可以获取运行元数据。受影响版本如下:9.5.3及之前的9.5.x版本;9.6.1及之前的9.6.x版本;8.1.12之前的8.1.x版本。
CVSS Information
N/A
Vulnerability Type
N/A