Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RemoteClusterFrame payloads are audit logged in full
Vulnerability Description
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.5.x至9.5.5版本和9.8.0版本存在安全漏洞,该漏洞源于未能在审计日志记录之前清理有效负载,允许具有审计日志访问权限的高权限攻击者读取消息内容。
CVSS Information
N/A
Vulnerability Type
N/A