[Git][security-tracker-team/security-tracker][master] Process some CVEs in Mattermost (mark as mattermost-server)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 27 20:40:21 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20820142 by Salvatore Bonaccorso at 2023-11-27T21:39:42+01:00
Process some CVEs in Mattermost (mark as mattermost-server)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,7 +6,7 @@ CVE-2023-6254 (A Vulnerability in OTRS AgentInterface and ExternalInterface allo
 	NOT-FOR-US: OTRS
 	NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x
 CVE-2023-6202 (Mattermost fails to perform proper authorization in the /plugins/focal ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-5974 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to server ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5958 (The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape ema ...)
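Review bot: the CVE-2023-6202 entry is now tagged against mattermost-server, but its truncated description places the missing authorization check under a /plugins/ path, so the entry alone does not show that the affected code is part of what the ITP in bug #823556 would package. Consider adding a NOTE: line under the entry recording where the affected code lives, so that whoever revisits it once the ITP is resolved does not have to triage it again.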
@@ -76,13 +76,13 @@ CVE-2023-49029 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-1
 CVE-2023-49028 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and  ...)
 	TODO: check
 CVE-2023-48369 (Mattermost fails to limit the log size of server logs allowing an atta ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-48268 (Mattermost fails tolimit the amount of data extracted from compressed  ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-47865 (Mattermost fails to check if hardened mode is enabled when overriding  ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-47168 (Mattermost fails to properly check a redirect URL parameter allowing f ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-45223 (Mattermost fails to properly validate the "Show Full Name" option in a ...)
 	TODO: check
 CVE-2023-43754 (Mattermost fails to check whether the \u201cAllow users to view archiv ...)
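Review bot: CVE-2023-45223, just below the last changed entry, has a description that also begins "Mattermost fails to" yet keeps "TODO: check", while the four entries above it move to "- mattermost-server <itp> (bug #823556)". If it was left out on purpose, a short NOTE: giving the reason would help the next triager; otherwise it should get the same line so that the Mattermost entries in this block are tagged consistently.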



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/208201425661fa13fde07aaa0dc7fbf010748588
