
7 matches found

Github Security Blog
added 2026/05/18 9:31 a.m., 4 views

Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits: 0, References: 4, Affected Software: 2
CVE
added 2026/05/18 8:30 a.m., 12 views

CVE-2026-6347

Summary: CVE-2026-6347 affects Mattermost releases 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The vulnerability arises in the Mattermost Calls plugin where sensitive configuration fields are not sanitized. This allows an attacker with access to a support packet to obtai...

7.6 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/05/18 8:30 a.m., 7 views

CVE-2026-6347 Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/18 12:0 a.m., 8 views

PT-2026-41661

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-24468

Malware in sbrugna...

5.3 CVSS, 4.8 AI score, 0.00374 EPSS
Exploits: 0, References: 2
CNVD
added 2020/09/03 12:0 a.m., 6 views

Cisco Meetings App Authorization Issues Vulnerability

Cisco Meetings App is a video conferencing application from Cisco USA. An authorization issue vulnerability exists in the API subsystem in Cisco Meetings App, which stems from a flaw in the protection mechanism for TURN server credentials. A remote attacker can exploit this vulnerability by...

5.3 CVSS, 6.6 AI score, 0.00374 EPSS
Exploits: 0, References: 1
CVE
added 2020/07/16 5:20 p.m., 49 views

CVE-2020-3197

The CVE-2020-3197 entry concerns Cisco Meetings App: an API subsystem vulnerability that allows an unauthenticated, remote attacker to obtain and reuse TURN server credentials by intercepting legitimate traffic due to insufficient protection of those credentials. Impact described: attacker could ...

5.3 CVSS, 5 AI score, 0.00374 EPSS
Exploits: 0, References: 1, Affected Software: 1