1115 matches found
Missing Authorization
Mattermost is vulnerable to Missing Authorization. The vulnerability is due to not checking the inviter's permission on the private channel on a team when inviting a user on that same private channel while processing an email invite. This allows an attacker to invite themselves to a private chann...
Mattermost fails to properly authenticate inviter's permissions to private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. Issue Identifier: MMSA-2023-00137...
GHSA-9HJ7-V56G-RHF6 Mattermost fails to properly authenticate inviter's permissions to private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. Issue Identifier: MMSA-2023-00137...
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
Code injection
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
CVE-2023-1774 Unauthorized email invite to a private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
CVE-2023-1774
CVE-2023-1774 concerns Mattermost where processing an email invite to a private channel does not validate the inviter’s permission for that channel. The result is that an attacker can invite themselves to a private channel without proper authorization. The issue centers on the invite handling flo...
CVE-2023-1774 Unauthorized email invite to a private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
PT-2023-2090 · Apache · Apache Openmeetings
Name of the Vulnerable Software and Affected Versions: Apache OpenMeetings versions 2.0.0 through 6.x Description: The issue is related to a lack of authentication for a critical function in Apache OpenMeetings, allowing an attacker to elevate their privileges in any room. Specifically, the probl...
CVE-2020-27507
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact...
CVE-2020-27507
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact...
Buffer overflow
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact...
UBUNTU-CVE-2020-27507
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact...
PT-2023-11761 · Unknown +2 · Kamailio Sip +2
Name of the Vulnerable Software and Affected Versions: Kamailio SIP versions prior to 5.5.0 Description: The issue is related to the mishandling of INVITE requests with duplicated fields and overlength tags by the Kamailio SIP server, leading to a buffer overflow. This can cause the server to cra...
CVE-2020-27507
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact...
CVE-2020-27507
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact...
Code injection
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2023-27265 Disclosure of team owner email address when regenerating Invite ID
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
PT-2023-21044 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue concerns the failure of Mattermost to honor the ShowEmailAddress setting when responding to the "Regenerate Invite Id" API endpoint. This allows an attacker with team admin...