Security
Headlines

Headlines Latest CVEs

Headline

GHSA-2j87-p623-8cc2: Mattermost vulnerable to Observable Timing Discrepancy

Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.

1 month ago

GitHub Advisory Database
GitHub Reviewed
CVE-2025-27936

Mattermost vulnerable to Observable Timing Discrepancy

Moderate severity GitHub Reviewed Published Apr 16, 2025 to the GitHub Advisory Database • Updated Apr 16, 2025

Package

gomod github.com/mattermost/mattermost-plugin-msteams (Go)

Affected versions

<= 1.15.0

gomod github.com/mattermost/mattermost/server/v8 (Go)

>= 10.5.0, < 10.5.2

< 8.0.0-20250314142426-c049748b8863

10.5.2

8.0.0-20250314142426-c049748b8863

Published to the GitHub Advisory Database

Apr 16, 2025

Last updated

Apr 16, 2025

ghsa: Latest News

GHSA-qfm8-78qf-p75j: The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution

13 hours ago

GHSA-hq4f-5qjv-fwrg: The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location

13 hours ago

GHSA-pqqp-7cp8-vxvf: Ackites KillWxapkg Zip Bomb Resource Exhaustion

15 hours ago

GHSA-463c-jhp2-4mm7: The Backup Plus extension for TYPO3 (ns_backup) allows command injections

15 hours ago

GHSA-xg53-mhh9-3cq7: The Backup Plus extension for TYPO3 (ns_backup) allows XSS

15 hours ago