-
Notifications
You must be signed in to change notification settings - Fork 336
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d07b74e
commit 4018652
Showing
4 changed files
with
115 additions
and
1 deletion.
There are no files selected for viewing
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-69ww-qqv6-w3gj/GHSA-69ww-qqv6-w3gj.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-69ww-qqv6-w3gj", | ||
| "modified": "2024-11-09T18:30:30Z", | ||
| "published": "2024-11-09T18:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-52032" | ||
| ], | ||
| "details": "Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52032" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://mattermost.com/security-updates" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-200" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-09T18:15:15Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-8ww9-xwc2-p9cc/GHSA-8ww9-xwc2-p9cc.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-8ww9-xwc2-p9cc", | ||
| "modified": "2024-11-09T18:30:30Z", | ||
| "published": "2024-11-09T18:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-36250" | ||
| ], | ||
| "details": "Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36250" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://mattermost.com/security-updates" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-303" | ||
| ], | ||
| "severity": "LOW", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-09T18:15:14Z" | ||
| } | ||
| } |
38 changes: 38 additions & 0 deletions
38
advisories/unreviewed/2024/11/GHSA-hpq2-jq6g-6g73/GHSA-hpq2-jq6g-6g73.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-hpq2-jq6g-6g73", | ||
| "modified": "2024-11-09T18:30:30Z", | ||
| "published": "2024-11-09T18:30:30Z", | ||
| "aliases": [ | ||
| "CVE-2024-42000" | ||
| ], | ||
| "details": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with \"Read Groups\" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [ | ||
|
|
||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42000" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://mattermost.com/security-updates" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-863" | ||
| ], | ||
| "severity": "LOW", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2024-11-09T18:15:14Z" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters