Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MS Teams plugin OAuth allows editing arbitrary posts
Vulnerability Description
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.11.3及之前的10.11.x版本、10.5.11及之前的10.5.x版本和10.12.0及之前的10.12.x版本存在安全漏洞,该漏洞源于未验证帖子更新与MSTeams插件OAuth流程的关系,可能导致攻击者通过特制URL编辑任意帖子。
CVSS Information
N/A
Vulnerability Type
N/A