mattermost

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open source Slack-alternative in Golang and React
Version 6.3.1-1 [community-testing]
5.39.3-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2628 5.39.2-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-37861 AVG-2628 Medium No Information disclosure
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2416 5.38.2-1 5.39.0-1 Low Fixed
AVG-1358 5.26.1-1 5.26.2-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-37860 AVG-2416 Low Yes Cross-site scripting
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in...
CVE-2020-29511 AVG-1358 Medium No Incorrect calculation
Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...
CVE-2020-29510 AVG-1358 Medium Yes Incorrect calculation
Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder...
CVE-2020-29509 AVG-1358 Medium Yes Incorrect calculation
Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...