更新: 307 个文件 - 2026-03-27 02:33:52
这个提交包含在:
hao
@@ -5,14 +5,14 @@
|
||||
- 系统 ID: `mattermost`
|
||||
- 分类: `platforms`
|
||||
- 覆盖策略: `rolling-24m`
|
||||
- 总案例数: `31`
|
||||
- 近 30 天新增/更新: `19`
|
||||
- 重点 Markdown 案例数: `31`
|
||||
- 总案例数: `33`
|
||||
- 近 30 天新增/更新: `21`
|
||||
- 重点 Markdown 案例数: `33`
|
||||
- 已实证(真实版本): `0`
|
||||
- 已实证(synthetic): `0`
|
||||
- 阻塞数: `0`
|
||||
- 待人工/缺浏览器证据: `31`
|
||||
- 最近渲染时间: `2026-03-26T10:20:33+00:00`
|
||||
- 待人工/缺浏览器证据: `33`
|
||||
- 最近渲染时间: `2026-03-27T09:30:59+00:00`
|
||||
|
||||
## 目标约束
|
||||
|
||||
@@ -39,12 +39,14 @@
|
||||
| Mattermost fails to properly enforce read permissions in search API endpoints | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:55:57.125165Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-24692.md) |
|
||||
| Mattermost fails to use consistent error responses when handling the /mute command | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:15.398070Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-21386.md) |
|
||||
| Mattermost fails to validate team-specific upload_file permissions | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:04.837800Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-4265.md) |
|
||||
| Mattermost fails to limit the size of responses from integration action endpoints | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-26T21:11:03.241919Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2456.md) |
|
||||
| Mattermost allows a removed team member to enumerate all public channels within a private team | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:02.455815Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2458.md) |
|
||||
| Mattermost fails to filter invite IDs based on user permissions | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:08.610141Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2463.md) |
|
||||
| Mattermost fails to preserve the redacted state of burn-on-read posts during deletion | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:01.583567Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2578.md) |
|
||||
| Mattermost fails to properly handle very long passwords | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:03.732922Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-24458.md) |
|
||||
| Mattermost allows attackers to spoof permalink embeds | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:18.286997Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-2457.md) |
|
||||
| Mattermost fails to bound memory allocation when processing DOC files | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:18.467718Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-25780.md) |
|
||||
| Mattermost fails to properly validate User-Agent header tokens | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-26T21:11:24.090883Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-25783.md) |
|
||||
| Mattermost fails to bound memory allocation when processing PSD image files | `low` | `generated` | `triage-manual` | `synthetic` | `ecosystem-authority` | `2026-03-23T18:56:08.918090Z` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-cve-2026-26246.md) |
|
||||
| MMSA-2026-00574 | `medium` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00574.md) |
|
||||
| MMSA-2026-00603 | `low` | `generated` | `triage-manual` | `synthetic` | `official` | `2026-03-16` | [link](/Users/x/websafe/07-framework-security/platforms/mattermost/cases/mattermost-mmsa-2026-00603.md) |
|
||||
|
||||
在新工单中引用
屏蔽一个用户