Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions via the Agents plugin process. An attacker can access information about when users have read channels by querying channel member objects. Remediation: Upgrade...
EUVD-2022-37720
Malicious code in bioql PyPI...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the ExperimentalSettings function. An attacker can exploit this issue by accessing unauthorized settings through the System Console. Note: This is only exploitable if the RestrictSystemAdmin setting is true,...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in command.go, which allows a user to execute commands on archived channels. Remediation: Upgrade github.com/mattermost/mattermost/server/channels/api4 to version 9.11.9-rc1, 10.3.4, 10.4.3 or higher. References -...
Denial Of Service Attack
Mattermost is vulnerable to Denial of Service (DoS). The vulnerability lies in the OpenGraph functionality in the server/channels/api4/openGraph.go file of the Mattermost server. An attacker can exploit this by sending numerous requests to the /api/v4/opengraph endpoint, causing...
CVE-2022-34772
Tabit - password enumeration. Description: The password for the Tabit system is a 4-digit OTP. One can resend the OTP and try logging in indefinitely. Once again, this is an example of OWASP API4 - Rate limiting...
CVE-2022-34772
CVE-2022-34772 affects Tabit (password verification), where the 4-digit OTP login flow allows unlimited resend attempts, enabling password enumeration due to the lack of effective rate limiting. Documented evidence from PT-2022-22323 notes password enumeration and an API rate-limiting weakness; no patch/...
in attendize/attendize
Description: There is no rate limit, so an attacker can send unlimited emails to the victim or to any email address. Proof of Concept: There is no rate limit on return-password, so an attacker can send unlimited emails to the victim or to any email address. Impact: An attacker can send unlimited emails to any mail address. Solution: Add 'throttle...