Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AI plugin APIs can be triggered using post actions
Vulnerability Description
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Mattermost Server 安全漏洞
Vulnerability Description
Mattermost Server是美国Mattermost公司的一套开源的消息传递平台。 Mattermost Server 10.5.9及之前版本存在安全漏洞,该漏洞源于Agents插件未拒绝空请求体,可能导致用户点击恶意链接。
CVSS Information
N/A
Vulnerability Type
N/A