返回 CVE 瀏覽器

CVE-2018-21251

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.2000%

EPSS Percentile27.40th

Published2020年6月19日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.

Affected Platforms (CPE)

📦

Mattermost

Mattermost Server

< 5.1.1

📦

Mattermost

Mattermost Server

= 5.2.0

📦

Mattermost

Mattermost Server

= 5.2.0

📦

Mattermost

Mattermost Server

= 5.2.0

📦

Mattermost

Mattermost Server

= 5.2.0

📦

Mattermost

Mattermost Server

= 5.2.0

📦

Mattermost

Mattermost Server

= 5.2.0

References & Advisories

🔗 https://mattermost.com/security-updates/

🔗 https://mattermost.com/security-updates/

相關漏洞威脅

CVE-2017-188889.8

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multip...

CVE-2017-188859.8

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing u...

CVE-2016-110749.8

An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.

CVE-2017-189009.8

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.

CVE-2018-21251 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space