3 matches found
GHSA-GMX5-FRV9-9M9F Mattermost has CSRF vulnerability via Calls Widget page
Mattermost versions 11.0.x 11.0.4, 10.12.x = 10.12.2, 10.11.x 10.11.6 and Mattermost Calls versions 1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpa...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Calls widget page. An attacker can initiate calls and inject messages into channels or direct messages by tricking an authenticated user into visiting a malicious webpage or clicking a crafted lin...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a lack of CSRF protection on the Calls widget page, which could lead to an attacker initiating a call and injecting a message into a...