CVE-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

CVE-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

Code injection

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

CVE-2023-3581 WebSockets accept connections from HTTPS origin

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

CVE-2023-3581

CVE-2023-3581 affects Mattermost. The issue is that the product fails to properly validate the origin of a websocket connection, which can allow a Man-In-The-Middle (MITM) attacker to access the websocket APIs. Concrete details across connected sources consistently describe this as an origin-vali...

CVE-2023-3581 WebSockets accept connections from HTTPS origin

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

Mattermost 信任管理问题漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. A security vulnerability exists in Mattermost iOS that stems from a failure to properly validate server certificates when initializing a TLS connection, allowing an attacker to intercept WebSockets connections...

PT-2023-25327 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue is related to Mattermost failing to properly validate the origin of a websocket connection. This allows a Man-In-The-Middle MITM attacker on Mattermost to access the websocket...

Mattermost 访问控制错误漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly authenticate the origin of a Websocket connection, allowing an attacker to access the Websocket API...

Protect

An insufficient session expiration CWE-613 vulnerability in FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...

Fortinet Fortigate Existing websocket connection persists after deleting API admin (FG-IR-23-028)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-028 advisory. - An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute...

ADC LB VIP sending Reset with code 9872

1. Application was being accessed through the LB vServer and it was not loading 2.nstrace taken on the ADC showedRST flag:0x014 sent by VIP to the client in response to almost every GET request sent by the client. 3. ADC was sending RST with window size 9872 which means Websocket upgrade request...

Ubuntu 16.04 ESM / 18.04 ESM : Gorilla WebSocket vulnerability (USN-6208-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6208-1 advisory. It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash,...

Ubuntu: Security Advisory (USN-6208-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6208-1: Gorilla WebSocket vulnerability

It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service...

USN-6208-1 golang-websocket vulnerability

It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets (SUSE-SU-2023:2783-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. - aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data...

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...