Lucene search
+L

93 matches found

osv
osv
added 2025/12/22 6:15 p.m.5 views

GO-2025-4247 Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

3CVSS6.7AI score0.00145EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/12/18 12:40 p.m.21 views

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7AI score0.00145EPSS
Exploits0References1
euvd
euvd
added 2025/12/17 3:34 p.m.4 views

EUVD-2025-203891

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection...

3CVSS6.6AI score0.00145EPSS
Exploits0References4
osv
osv
added 2025/12/17 3:34 p.m.4 views

GHSA-JF5H-XFW4-P8GP Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS6.9AI score0.00145EPSS
Exploits0References5
github
github
added 2025/12/17 3:34 p.m.10 views

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7AI score0.00145EPSS
Exploits0References5Affected Software3
nvd
nvd
added 2025/12/17 1:15 p.m.5 views

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS0.00145EPSS
Exploits0References1
osv
osv
added 2025/12/17 12:11 p.m.5 views

CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS6.8AI score0.00145EPSS
Exploits0References3
cve
cve
added 2025/12/17 12:11 p.m.24 views

CVE-2025-13352

Mattermost vulnerability CVE-2025-13352 affects Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions = 2.5.0-rc1 or higher) or apply vendor-supplied security updates. Further advisories from Red Hat, CIRCL, OSV, GHSA, and others corroborate the identity validation bypas...

3CVSS6.6AI score0.00145EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/12/17 12:11 p.m.36 views

CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS0.00145EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/17 12:0 a.m.5 views

PT-2025-51825

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7AI score0.00145EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2025/12/10 6:30 p.m.11 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), com.coravy.hudson.plugins.github:github (>=1.41.0 <=1.46.0.1) +37 more potentially affected by CVE-2025-67640 via org.jenkins-ci.plugins:git-client (>=6.1.0 <=6.4.0)

org.jenkins-ci.plugins:git-client MAVEN version =6.1.0, =37.v0d3157c4aef8, =1.41.0, =61.vf6d8f6f5ed02, =1.1.0.825.v30618768da42, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.27.17, =1.0.0, =3.2083.vd36f32376929, =530.v38d502df428f, =634.v371dc6d978a3, =679.v74133dab435a and more...

5CVSS5.4AI score0.00186EPSS
Exploits0
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0504

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00556EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-3960

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00608EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2784

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00606EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6379

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00721EPSS
Exploits0References10
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5310

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01013EPSS
Exploits0References4
osv
osv
added 2025/08/18 1:17 p.m.3 views

GO-2025-3870 Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-plugin-confluence

Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-plugin-confluence...

7.5CVSS7.1AI score0.00335EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2025/04/02 3:31 p.m.8 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +499 more potentially affected by CVE-2025-31720 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-31720https://vulners.com/cve/CVE-2025-317...

4.3CVSS6.3AI score0.0039EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/04/02 3:31 p.m.10 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +499 more potentially affected by CVE-2025-27622 +1 more via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27622https://vulners.com/cve/CVE-2025-276...

4.3CVSS6.8AI score0.00727EPSS
Exploits0
vulncheck_kev
vulncheck_kev
added 2024/09/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-1000600

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

8.8CVSS5.8AI score0.90894EPSS
Exploits0References1
Rows per page
Query Builder