Expand intel coverage and refresh monitoring
这个提交包含在:
hao
@@ -0,0 +1,72 @@
|
||||
{
|
||||
"canonical_id": "mattermost--CVE-2026-4265",
|
||||
"system_id": "mattermost",
|
||||
"display_name": "Mattermost",
|
||||
"category": "platforms",
|
||||
"advisory_mode": "core",
|
||||
"title": "MMSA-2025-00553",
|
||||
"summary": "(CWE-284) Fixed an issue where guest users could bypass team-specific upload_file permission restrictions by uploading files in teams where they had permission and then posting those files to channels in teams where they lacked the permission. Thanks to 0x7oda7123 for contributing to this improvement under the Mattermost responsible disclosure policy.",
|
||||
"published_at": "2026-03-16",
|
||||
"updated_at": "2026-03-16",
|
||||
"severity": "medium",
|
||||
"cvss_score": null,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "https://securityupdates.mattermost.com/security_updates.json",
|
||||
"secondary_source_urls": [],
|
||||
"aliases": [
|
||||
"MMSA-2025-00553",
|
||||
"CVE-2026-4265"
|
||||
],
|
||||
"cve_ids": [
|
||||
"CVE-2026-4265"
|
||||
],
|
||||
"ghsa_ids": [],
|
||||
"osv_ids": [],
|
||||
"affected_versions": [
|
||||
"11.3.x <= 11.3.0",
|
||||
"11.2.x <= 11.2.2",
|
||||
"10.11.x <= 10.11.10"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"11.4.0",
|
||||
"11.3.1",
|
||||
"11.2.3",
|
||||
"10.11.11"
|
||||
],
|
||||
"package_name": "Mattermost Server",
|
||||
"render_markdown": true,
|
||||
"case_path": "07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md",
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"xss-output-encoding",
|
||||
"token-cookie-storage",
|
||||
"file-upload-validation"
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"historical_status": null,
|
||||
"latest_status": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "xss-generic",
|
||||
"artifact_mode": "synthetic",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"Mattermost Security Updates JSON"
|
||||
],
|
||||
"source_kinds": [
|
||||
"json-feed"
|
||||
],
|
||||
"candidate_count": 1
|
||||
}
|
||||
}
|
||||
在新工单中引用
屏蔽一个用户