Whitehattushu

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** The issue allows an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated, due to a failure in checking if an admin user account is active after an oauth2 flow is started. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mattermost (affected versions not specified) **Description** Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Wyse Management Suite versions 3.6.1 and below **Description** The issue is related to improper access control, which could allow an attacker with no access to create rules to potentially exploit the vulnerability and create rules. **Recommendations** For Dell Wyse Management Suite versions 3.6.1 and below, update to a version above 3.6.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dell Wyse Management Suite versions 3.6.1 and below **Description** The issue is related to improper access control in the UI, allowing a remote authenticated attacker to bypass access controls and download reports containing sensitive information. **Recommendations** For versions 3.6.1 and below, update to a version above 3.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the UI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell Wyse Management Suite versions 3.6.1 and below **Description** The issue is related to improper access control. A remote malicious user could exploit this to retain access to a file repository after it has been revoked. **Recommendations** For versions 3.6.1 and below, update to a version above 3.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the file repository to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab EE version 12.2 **Description** The issue concerns insecure permissions in GitLab EE. **Recommendations** For GitLab EE version 12.2, update to a version that addresses the insecure permissions issue.