Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lack of MFA enforcement in WebSocket connections
Vulnerability Description
Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 11之前版本存在安全漏洞,该漏洞源于WebSocket连接未强制执行多因素身份验证,可能导致未经验证的用户访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A