
10 matches found

Veracode
added 2024/07/04 8:46 a.m. | 10 views

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to Mattermost failing to sanitize the RemoteClusterFrame payloads before audit logging them. Attackers with access to the audit logs can exploit this to read message contents...

CVSS 2.7 | AI score 6.6 | EPSS 0.00283
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2024/07/04 12:0 a.m. | 6 views

Mattermost Information Disclosure Vulnerability (CNVD-2024-30628)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a message disclosure vulnerability. An attacker can exploit the vulnerability to cause the contents of a message to be read...

CVSS 2.7 | AI score 6.5 | EPSS 0.00283
Exploits: 0 | References: 1

NVD
added 2024/07/03 9:15 a.m. | 10 views

CVE-2024-39353

Mattermost versions 9.5.x = 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents...

CVSS 2.7 | EPSS 0.00283
Exploits: 0 | References: 1

Cvelist
added 2024/07/03 8:37 a.m. | 15 views

CVE-2024-39353 RemoteClusterFrame payloads are audit logged in full

Mattermost versions 9.5.x = 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents...

CVSS 2.7 | EPSS 0.00283
Exploits: 0 | References: 1

CVE
added 2024/07/03 8:37 a.m. | 53 views

CVE-2024-39353

Mattermost Server vulnerability CVE-2024-39353 affects versions 9.5.x (

CVSS 2.7 | AI score 3.2 | EPSS 0.00283
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/07/03 8:37 a.m. | 13 views

CVE-2024-39353 RemoteClusterFrame payloads are audit logged in full

Mattermost versions 9.5.x = 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents...

CVSS 2.7 | AI score 6.7 | EPSS 0.00283
Exploits: 0 | References: 1

Vulnrichment
added 2023/06/16 9:1 a.m. | 8 views

CVE-2023-2792 Ephemeral messages return private channel contents in permalink previews

Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command...

CVSS 6.5 | AI score 6.8 | EPSS 0.00287
Exploits: 0 | References: 1

Tenable Nessus
added 2020/09/04 12:0 a.m. | 47 views

Cisco Jabber for Windows Information Disclosure (cisco-sa-jabber-ttcgB9R3)

According to its self-reported version, Cisco Jabber is affected by an information disclosure vulnerability. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful...

CVSS 6.5 | AI score 6.9 | EPSS 0.00307
Exploits: 0 | References: 3

Cisco
added 2020/09/02 4:0 p.m. | 56 views

Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that...

CVSS 5.7 | AI score 6 | EPSS 0.00364
Exploits: 0 | References: 1

NVD
added 2005/10/26 12:2 a.m. | 20 views

CVE-2005-2746

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages...

CVSS 5 | AI score 6.2 | EPSS 0.0032
Exploits: 0 | References: 4