2 matches found
Use of Weak Hash
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Use of Weak Hash via the FNV-1 hashing process for cache key validation. An attacker can access unauthorized posts and manipulate link previews by...
GHSA-9P92-X77W-9FW2 Mattermost makes Use of Weak Hash
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing...