5 matches found
Insertion of Sensitive Information into Log File
Overview github.com/mattermost/mattermost-plugin-calls/server is a package that enables voice calling and screen sharing functionality in Mattermost channels Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the plugin configuration process. ...
GO-2025-4254 Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls
Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls...
Improper Validation of Specified Type of Input
Overview github.com/mattermost/mattermost-plugin-calls is a package for voice calling and screen sharing functionality in Mattermost channels. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the WebSocket request handling. An attacker can cau...
Cross-site Request Forgery (CSRF)
Overview github.com/mattermost/mattermost-plugin-calls/server is a package that enables voice calling and screen sharing functionality in Mattermost channels Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Calls widget page. An attacker can initiate cal...
Malicious Package
Overview mattermost-plugin-calls is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...