Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Client-Side Path Traversal Leading to CSRF in Playbooks
Vulnerability Description
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.10.2版本及之前的9.10.x版本,9.11.1版本及之前的9.11.x版本和9.5.9版本及之前的9.5.x版本存在安全漏洞,该漏洞源于无法清理用于重定向的前端用户输入,这会导致一键式客户端路径遍历,从而导致 Playbooks 中的跨站请求伪造问题。
CVSS Information
N/A
Vulnerability Type
N/A