{"vulnerability": "cve-2016-1107", "sightings": [{"uuid": "2194fe9e-e84c-41aa-99a9-a36288909c49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11072", "type": "seen", "source": "https://t.me/cibsecurity/12947", "content": "ATENTION\u203c New - CVE-2016-11072\n\nAn issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:36.000000Z"}, {"uuid": "afef4d89-b721-4cee-86a2-62154fce1e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11079", "type": "seen", "source": "https://t.me/cibsecurity/12940", "content": "ATENTION\u203c New - CVE-2016-11079\n\nAn issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:27.000000Z"}, {"uuid": "8465c681-2931-496c-9bb0-739ff04f19a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11078", "type": "seen", "source": "https://t.me/cibsecurity/12941", "content": "ATENTION\u203c New - CVE-2016-11078\n\nAn issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:28.000000Z"}, {"uuid": "559ddccd-b7d5-48bc-9cf1-9876e3e9950a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11077", "type": "seen", "source": "https://t.me/cibsecurity/12942", "content": "ATENTION\u203c New - CVE-2016-11077\n\nAn issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:29.000000Z"}, {"uuid": "1c9af835-e1d2-4f39-ad87-f9d991daa8ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11070", "type": "seen", "source": "https://t.me/cibsecurity/12949", "content": "ATENTION\u203c New - CVE-2016-11070\n\nAn issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:38.000000Z"}, {"uuid": "f850dad5-b456-4e87-b36e-141614a42946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11071", "type": "seen", "source": "https://t.me/cibsecurity/12948", "content": "ATENTION\u203c New - CVE-2016-11071\n\nAn issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:37.000000Z"}, {"uuid": "7474b23e-f979-4509-bf18-fe28bbe43282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11076", "type": "seen", "source": "https://t.me/cibsecurity/12943", "content": "ATENTION\u203c New - CVE-2016-11076\n\nAn issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:31.000000Z"}, {"uuid": "df90288b-4667-4c9e-8765-e5b3ae513136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11075", "type": "seen", "source": "https://t.me/cibsecurity/12944", "content": "ATENTION\u203c New - CVE-2016-11075\n\nAn issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:33.000000Z"}, {"uuid": "a61039bd-90d0-46ae-bb64-fab065e423ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11074", "type": "seen", "source": "https://t.me/cibsecurity/12945", "content": "ATENTION\u203c New - CVE-2016-11074\n\nAn issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:34.000000Z"}, {"uuid": "832ae232-1e1e-40e4-87f3-363dfc934fcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-11073", "type": "seen", "source": "https://t.me/cibsecurity/12946", "content": "ATENTION\u203c New - CVE-2016-11073\n\nAn issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-20T00:55:35.000000Z"}]}