slashcommands

package

Versions in this module

v5

v5.39.3

Dec 15, 2021 GO-2022-0540 +80 more

GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server

GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server

GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server

GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server

GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server

GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server

GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server

GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server

GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server

GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server

GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server

GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server

GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server

GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server

GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server

GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server

GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server

GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server

GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server

GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server

GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server

GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server

GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server

GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server

GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server

GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server

GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server

GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server

GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server

GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server

GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server

GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server

GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server

GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server

GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server

GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server

GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server

GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server

GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server

GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server

GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server

GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server

GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server

GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server

GO-2025-3377: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3379: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server

GO-2025-3380: Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server

GO-2025-3392: Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server

GO-2025-3393: Mattermost Incorrect Type Conversion or Cast in github.com/mattermost/mattermost-server

GO-2025-3394: Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server

GO-2025-3407: Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server

GO-2025-3480: Mattermost allows reading arbitrary files related to importing boards in github.com/mattermost/mattermost-server

GO-2025-3481: Mattermost fails to restrict channel export of archived channels in github.com/mattermost/mattermost-server

GO-2025-3482: Mattermost fails to invalidate all active sessions when converting a user to a bot in github.com/mattermost/mattermost-server

GO-2025-3483: Mattermost allows reading arbitrary files in github.com/mattermost/mattermost-server

GO-2025-3534: Mattermost Fails to Properly Perform Viewer Role Authorization in github.com/mattermost/mattermost-server

GO-2025-3549: Mattermost Fails to Enforce Certain Search APIs in github.com/mattermost/mattermost-server

GO-2025-3550: Mattermost Fails to Restrict Command Execution in Archived Channels in github.com/mattermost/mattermost-server

GO-2025-3551: Mattermost Fails to Enforce MFA on Plugin Endpoints in github.com/mattermost/mattermost-server

GO-2025-3552: Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels in github.com/mattermost/mattermost-server

GO-2025-3555: Mattermost fail to prompt for explicit approval before adding a team admin to a private channel in github.com/mattermost/mattermost-server

GO-2025-3556: Mattermost allows members with permission to convert public channels to private and convert private to public in github.com/mattermost/mattermost-server

GO-2025-3604: Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server

GO-2025-3609: Mattermost Fails to Restrict Certain Operations on System Admins in github.com/mattermost/mattermost-server

GO-2025-3610: Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm in github.com/mattermost/mattermost-server

GO-2025-3611: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3618: Mattermost vulnerable to Observable Timing Discrepancy in github.com/mattermost/mattermost-plugin-msteams

GO-2025-3619: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3620: Mattermost Missing Authentication for Critical Function in github.com/mattermost/mattermost-server

GO-2025-3621: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3622: Mattermost doesn't restrict domains LLM can request to contact upstream in github.com/mattermost/mattermost-server

GO-2025-3623: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server

GO-2025-3642: Mattermost Playbooks fails to properly validate the props used by the RetrospectivePost custom post type in github.com/mattermost/mattermost-plugin-playbooks

GO-2025-3643: Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks

GO-2025-3644: Mattermost Playbooks fails to properly validate permissions in github.com/mattermost/mattermost-plugin-playbooks

v5.39.2

Nov 2, 2021 GO-2022-0540 +80 more