Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Slack import bypasses email verification for team access controls
Vulnerability Description
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictions
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.10.2及之前的10.10.x版本、10.5.10及之前的10.5.x版本和10.11.2及之前的10.11.x版本存在安全漏洞,该漏洞源于Slack导入过程中未验证电子邮件所有权,可能导致攻击者通过恶意Slack导入数据创建任意电子邮件域的已验证用户账户,绕过基于电子邮件的团队访问限制。
CVSS Information
N/A
Vulnerability Type
N/A