9 matches found
CVE-2025-2475
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials...
GHSA-6RQH-8465-2XCW Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials...
CVE-2025-2475
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials...
CVE-2025-2475 Unauthorized Bot Login Using Credentials
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials...
CVE-2025-2475 Unauthorized Bot Login Using Credentials
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials...
CVE-2025-2475
Mattermost CVE-2025-2475 affects servers 9.11.x up to 9.11.9, 10.4.x up to 10.4.3, and 10.5.x up to 10.5.1. The root cause is a failure to invalidate the cache when a user account is converted to a bot, enabling an attacker to log in to the bot exactly once using normal credentials. The available...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.1 and prior 10.5.x, 10.4.3 and prior 10.4.x, and 9.11.9 and prior 9.11.x, which stems from an uninvalidated cache and could lead to an attack...
Malicious code in bot-login-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466263e8cbd2152f68613171597ebbfc45204feb62846eea580ccd128e30f498 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1343 Malicious code in bot-login-plugins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 466263e8cbd2152f68613171597ebbfc45204feb62846eea580ccd128e30f498 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...