mattermost

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open source Slack-alternative in Golang and React
Version 9.7.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2628 5.39.1-1 5.39.2-1 Medium Fixed
AVG-2416 5.38.2-1 5.39.0-1 Low Fixed
AVG-1358 5.26.1-1 5.26.2-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-37861 AVG-2628 Medium No Information disclosure 
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.
CVE-2021-37860 AVG-2416 Low Yes Cross-site scripting 
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in...
CVE-2020-29511 AVG-1358 Medium No Incorrect calculation 
Go's encoding/xml handles namespace prefixes on XML elements in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...
CVE-2020-29510 AVG-1358 Medium Yes Incorrect calculation 
Go's encoding/xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder...
CVE-2020-29509 AVG-1358 Medium Yes Incorrect calculation 
Go's encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and...