Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Moderate: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Moderate: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: Red Hat Security Advisory: mod_auth_openidc security update

An update for modauthopenidc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Moderate: Red Hat Security Advisory: jose security update

An update for jose is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Moderate: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

OPENSUSE-SU-2024:0364-1 Security update for virtualbox

This update for virtualbox fixes the following issues: Update to release 7.1.4: NAT: Fixed DHCP problems with certain guests when domain is empty VMSVGA: Improved flickering, black screen and other screen update issues with recent Linux kernels Linux Guest Additions: Introduce initial support for...

CVE-2024-36250 MFA Code Replay

Mattermost versions 9.11.x = 9.11.2, and 9.5.x = 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within 30 seconds...

CVE-2024-42000 Unauthorized Access to view channels' details

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 and 10.0.x = 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that...

CVE-2024-46872

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

CVE-2024-50052

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post...

CVE-2024-10241

Mattermost versions 9.5.x = 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.10.2 and prior 9.10.x, 9.11.1 and prior 9.11.x, and 9.5.9 and prior 9.5.x. The vulnerability stems from an inability to check that the origin of...

PT-2024-16133 · Mattermost +2 · Mattermost +2

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9 Description: The issue arises when ElasticSearch is enabled, and Mattermost fails to properly filter channel data. This allows a user to obtain private channel names by using the cmd+K/ctrl+K shortcut...

Mattermost Server 9.5.x < 9.5.9 / 9.9.x < 9.9.3 / 9.10.x < 9.10.2 (MMSA-2024-00362)

The version of Mattermost Server installed on the remote host is prior to 9.5.9, 9.9.3, or 9.10.2. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00362 advisory. - Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels file...

Mattermost Server 9.5.x < 9.5.8 / 9.8.x < 9.8.3 / 9.9.x < 9.9.2 / 9.10.x < 9.10.1 (MMSA-2024-00368)

The version of Mattermost Server installed on the remote host is prior to 9.5.8, 9.8.3, 9.9.2, or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00368 advisory. - Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitiz...

HCL BigFix Server 9.5.x < 9.5.25 / 10.0.x < 10.0.12 / 11.0.x < 11.0.3 DLL Hijacking (KB0116659)

The version of HCL BigFix Server installed on the remote host is 9.5.x prior to 9.5.25, 10.0.x prior to 10.0.12 or 11.x prior to 11.0.3. It is, therefore, affected by a DLL hijacking vulnerability as referenced in the KB0116659 advisory, where a dynamic search for a prerequisite library could all...

CVE-2024-9155

Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of...

CVE-2024-9155 Insufficient Authorization On Unlinked Channel Files

Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of...

CVE-2024-47003

Mattermost versions 9.11.x = 9.11.0 and 9.5.x = 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...