Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Timing attack during remote cluster token comparison when shared channels are enabled
Vulnerability Description
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost存在安全漏洞,该漏洞源于缺少对远程集群令牌使用恒定时间比较,攻击者可以通过定时攻击检索远程集群令牌。以下版本受到影响:9.8.x至9.8.0、9.7.x至9.7.4、9.6.x至9.6.2以及9.5.x至9.5.5。
CVSS Information
N/A
Vulnerability Type
N/A