apk package

chainguard/mattermost-fips-9.11

pkg:apk/chainguard/mattermost-fips-9.11

Vulnerabilities (63)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-45223	—	< 0	0	Nov 27, 2023	Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
CVE-2023-47865	—	< 0	0	Nov 27, 2023	Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a pos
CVE-2022-31022	—	< 9.11.14-r1	9.11.14-r1	Jun 1, 2022	Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (blev

CVE-2023-45223Nov 27, 2023
affected < 0fixed 0
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
CVE-2023-47865Nov 27, 2023
affected < 0fixed 0
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a pos
CVE-2022-31022Jun 1, 2022
affected < 9.11.14-r1fixed 9.11.14-r1
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (blev

Page 4 of 4