Path Traversal in Template Upload Allows Uploading Files Outside Target Directory

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file placement outside intended directories.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

Mattermost 安全漏洞

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.8.3及之前10.8.x版本、10.5.8及之前10.5.x版本、9.11.17及之前9.11.x版本、10.9.2及之前10.9.x版本存在安全漏洞，该漏洞源于未清理路径遍历序列，可能导致恶意文件放置。

N/A

N/A