Headline

GHSA-vqwh-5jhh-vc9p: Mattermost Server SSRF Vulnerability via the Agents Plugin

Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions

1 day ago

ghsa

Open in Source

#vulnerability #ssrf #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-95v9-hv42-pwrj: gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

2 hours ago

ghsa

GHSA-fvqv-593q-qp8r: Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect

4 hours ago

ghsa

GHSA-xwc5-q44v-p6gg: Liferay Portal User Enumeration Vulnerability via the Create Account Page

4 hours ago

ghsa

GHSA-655h-hg88-5qmf: Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety

5 hours ago

ghsa

GHSA-vv6j-3g6g-2pvj: Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

6 hours ago

ghsa