Lucene search
MattermostCVELIST:CVE-2021-37862HistoryDec 17, 2021 - 4:10 p.m.
CVE-2021-37862
2021-12-1716:10:29
CWE-754
Mattermost
www.cve.org
1
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
33.5%
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.
CNA Affected
[
{
"product": "Mattermost ",
"vendor": "Mattermost ",
"versions": [
{
"lessThanOrEqual": "6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-37862
2021-12-17 17:15:12
prion
prion
Code injection
2021-12-17 17:15:00
hackerone
hackerone
osv
osv
BIT-mattermost-2021-37862
2024-03-06 11:05:08
CVE-2021-37862
2021-12-17 17:15:12
nvd
nvd
CVE-2021-37862
2021-12-17 17:15:12
cnvd
cnvd
Mattermost Input Validation Error Vulnerability (CNVD-2021-101986)
2021-12-20 00:00:00
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
33.5%
Related for CVELIST:CVE-2021-37862