Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary post deletion via Playbooks /ignore-thread endpoint
Vulnerability Description
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 9.10.2版本及之前的9.10.x版本,9.11.1版本及之前的9.11.x版本和9.5.9版本及之前的9.5.x版本存在安全漏洞,该漏洞源于无法检查集成操作中消息的来源是否与原始帖子元数据匹配,这允许经过身份验证的用户删除任意帖子。
CVSS Information
N/A
Vulnerability Type
N/A