In Mattermost versions 10.1.x up to 10.1.2, 10.0.x up to 10.0.2, 9.11.x up to 9.11.4, and 9.5.x up to 9.5.12, a medium severity vulnerability, CVE-2024-54682, was detected. This vulnerability allows attackers to upload specially crafted files (zip bombs) that can overload and crash the system, causing it to stop working properly. To fix this issue, users should upgrade Mattermost to versions 10.1.3, 10.0.3, 9.11.5, or 9.5.13. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-54682.
In Mattermost versions 9.7.x up to 9.7.5, 9.8.x up to 9.8.2, and 9.9.x up to 9.9.2, a medium severity vulnerability, CVE-2024-12247, was detected. This vulnerability allows users to keep old permissions even after permission updates are made, because the updates do not apply across all cluster nodes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12247.
In Zulip version 8.3, a medium severity vulnerability, CVE-2024-36625, was detected. This vulnerability allows attackers to inject malicious scripts into the application, which are then executed in the context of other users' browsers. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-36625.
In Zulip version 8.3, a medium severity vulnerability, CVE-2024-36624, was detected. This vulnerability allows attackers to exploit the application using Cross-Site Scripting (XSS) techniques. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-36624.
In Zulip versions 8.0 to 8.3, a high severity vulnerability, CVE-2024-36612, was detected. This vulnerability allows attackers to exploit a memory leak in the handling of popovers. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36612.
In Mattermost versions 10.0.x up to and including 10.0.1, 10.1.x up to and including 10.1.1, 9.11.x up to and including 9.11.3, and 9.5.x up to and including 9.5.11, a high severity vulnerability, CVE-2024-11599, was detected. This vulnerability allows unauthenticated users to bypass email domain restrictions during registration via crafted email input. To address this issue, users must upgrade to Mattermost versions 10.2.0, 10.0.2, 10.1.2, 9.11.4, 9.5.12 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11599.
In Mastodon versions 4.1.x prior to 4.1.17 and 4.2.x prior to 4.2.9, a high severity vulnerability, CVE-2023-49952, was detected. This vulnerability allows attackers to bypass limits on how many requests they can make by sending a special request to the server. To fix this issue, users need to update to versions 4.2.9 or above. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-49952.
In Mattermost versions 9.10.x (≤ 9.10.2), 9.11.x (≤ 9.11.1), 9.5.x (≤ 9.5.9), and 10.0.x (≤ 10.0.0), a low severity vulnerability, CVE-2024-42000, was detected. This vulnerability allows attackers with the "Read Groups" permission, but without access to specific channels, to retrieve details about private channels they are not members of by sending a request to /api/v4/channels. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-42000.
In Mattermost versions 9.11.x (≤ 9.11.2) and 9.5.x (≤ 9.5.10), a low severity vulnerability, CVE-2024-36250, was detected. This vulnerability allows attackers to reuse an MFA code within approximately 30 seconds, exploiting inadequate replay protection. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36250.