Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Munged email address used for password resets and notifications
Vulnerability Description
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
保护机制失效
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.9.x版本至9.9.1版本、9.5.x版本至9.5.7版本、9.10.x版本至9.10.0版本和9.8.x版本至9.8.2版本存在安全漏洞,该漏洞源于未能确保远程/合成用户无法创建会话或重置密码,这可能允许通过共享频道生成的有效电子邮件地址用于接收电子邮件通知和重置密码。
CVSS Information
N/A
Vulnerability Type
N/A