[Git][security-tracker-team/security-tracker][master] Process two CVEs for mattermost, mark them for mattermost-server, itp'ed

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 9 20:34:00 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4c7b8c0 by Salvatore Bonaccorso at 2024-02-09T21:32:53+01:00
Process two CVEs for mattermost, mark them for mattermost-server, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,7 +59,7 @@ CVE-2024-25304 (Code-projects Simple School Managment System 1.0 allows SQL Inje
 CVE-2024-25302 (Sourcecodester Event Student Attendance System 1.0, allows SQL Injecti ...)
 	NOT-FOR-US: Sourcecodester Event Student Attendance System
 CVE-2024-24776 (Mattermost fails to check the required permissions in thePOST /api/v4/ ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-24774 (Mattermost Jira Plugin handling subscriptions fails to check the secur ...)
 	NOT-FOR-US: Mattermost Jira Plugin
 CVE-2024-23319 (Mattermost Jira Plugin fails to protect against logout CSRF allowing a ...)
@@ -69,7 +69,7 @@ CVE-2024-22119 (The cause of vulnerability is improper validation of form input
 CVE-2024-21762 (A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2 ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-1402 (Mattermost fails to check if a custom emoji reaction exists when sendi ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-1247 (Concrete CMS version 9 before 9.2.5 is vulnerable tostored XSS via the ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2024-1246 (Concrete CMSin version 9 before 9.2.5is vulnerable to reflected XSS vi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4c7b8c0ae5cfed7cb1b0d763bc71d92ae935b16

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4c7b8c0ae5cfed7cb1b0d763bc71d92ae935b16
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240209/f3822b48/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list