Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.8 views

Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2026/05/18 8:30 a.m.24 views

CVE-2026-6347

Summary: CVE-2026-6347 affects Mattermost releases 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The vulnerability arises in the Mattermost Calls plugin where sensitive configuration fields are not sanitized. This allows an attacker with access to a support packet to obtai...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/18 8:30 a.m.46 views

CVE-2026-6347 Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:30 a.m.10 views

CVE-2026-6347 Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.13 views

PT-2026-41661

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description The Mattermost Calls plugin fails to sanitize sensitive configuration fields. This allows an attacker...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-3066

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00508EPSS
Exploits0References3
Rows per page
Query Builder