CVE-2025-27936

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-208
View all →

Vulnerability Description

Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.

Related Vulnerabilities

CVE-2014-125055

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing di...

CWE-2082014

CVE-2014-125056

MEDIUM
CVSS:5.3(Medium)

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to obser...

CWE-2082014

CVE-2016-15015

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulatio...

CWE-2082016

CVE-2022-20752

MEDIUM
CVSS:5.3(Medium)

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauth...

CWE-2082022

CVE-2022-42288

MEDIUM
CVSS:5.3(Medium)

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

CWE-2082022

CVE-2023-1538

MEDIUM
CVSS:5.3(Medium)

Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

CWE-2082023