5318 matches found
Insufficient Authorization
github.com/mattermost/mattermost/ is vulnerable to Insufficient Authorization. The vulnerability is caused by insufficient scoping of WebSocket responses to authorised users, resulting in WebSocket responses being broadcast to everyone in the channel...
CMSMS 2.2.19 Arbitrary File Upload Vulnerability
The parameter "fileupload" in type ID is vulnerable to File Upload and RCE attacks because it is not sanitized correctly. An attacker can upload a virus directly to the server through this web vulnerability and then execute it; depending on the scenario, this can mean the end of the server. In...
Server Side Request Forgery
miniflare is vulnerable to Server Side Request Forgery. The vulnerability is caused by a configuration that listens for requests on external network interfaces. As a result of this configuration, an attacker can access local servers by sending specially crafted WebSocket requests to the...
GHSA-Q7RX-W656-FWMV Mattermost notified all users in the channel when using WebSockets to respond individually
Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
CVE-2023-48732
Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
Information disclosure
Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
CVE-2023-48732
Mattermost (Mattermost server) vulnerability CVE-2023-48732: WebSocket responses were not properly scoped to individual notified users, causing disclosure of who was notified about a post to all users in the channel. Exploitation status not detailed in provided documents, and no explicit in-the-w...
CVE-2023-48732 Keywords that trigger mentions are leaked to other users
Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from the inability to scope WebSocket responses to each user separately, causing WebSocket to broadcast information about who was notified of...
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Impact: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network...
CVE-2023-52139
Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or WebSocket APIs that are incorrectly specified as kind or secure without the user's permission and perform operations such as reading or adding non-public content. As a...
CVE-2023-7078
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
CVE-2023-7078
CVE-2023-7078 describes a server-side request forgery in Miniflare’s server. Sending specially crafted HTTP requests could cause the server to emit arbitrary HTTP and WebSocket requests, potentially enabling an attacker on the local network to reach other local services if Miniflare listened on e...
CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...
PT-2023-32863 · Miniflare · Miniflare
Name of the Vulnerable Software and Affected Versions: Miniflare versions prior to 3.20231030.2 Description: Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on...