Mattermost Personal Token

Description
General
- Documentation: https://docs.mattermost.com/developer/personal-access-tokens.html
- Summary: Mattermost is an open-source messaging app. Tokens allow users to interact with the app. By default, only admin users can create personal tokens, so a token has full access to the account, including System Admin privileges (see doc). Leaking a Mattermost admin personal token is a highly critical incident.
- IPs allowlist: This feature is not available.
- Scopes: Personal access tokens share the same permissions as the user.

Revoke the secret
Tokens can be revoked from the account settings or the system console. A token can also be temporarily deactivated.

Check for suspicious activity
Logs related to the token can be inspected in the system console.

Details for Mattermost personal token
Family: Api
Category: Messaging system
Company: Mattermost
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 0.58
Prefixed: False
PreValidators:
- type: ContentWhitelistPreValidator
  patterns:
  - mattermost

Examples
- text: "def mmsend(message,hasData,fpath): #mattermost SERVER_URL = 'http://oatcouture.tw:8065' mmKey = '9kih4c69v7bcpbgf174usrlgie'"
  host: http://oatcouture.tw:8065
  token: 9kih4c69v7bcpbgf174usrlgie
- text: "service: mattermost url: https://mattermost.my-company.com personal_token: b957n67ahin90ba4f4dt14966v"
  host: https://mattermost.my-company.com
  token: b957n67ahin90ba4f4dt14966v
- text: "def fetchUsersFromMattermost do - url = 'http://56.91.164.139:8065/api/v4/users' - headers = [{'Authorization', 'Bearer jh7cgmr3tod5igzkavtwrhr5ia'}"
  host: http://56.91.164.139:8065
  token: jh7cgmr3tod5igzkavtwrhr5ia
- text: "mattermost_url = 'https://chat.coworkers.com/api/v4/users' headers = [{'Authorization', 'Bearer ih7kjnr4otd5igzroptwrhu6op'}, {'Content-Type', 'application/json; charset=utf-8'}]"
  host: https://chat.coworkers.com
  token: ih7kjnr4otd5igzroptwrhu6op
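
How the properties listed under Details combine when scanning a file: the content pre-validator on "mattermost", then the requirement of two matches (a host and a token). This is an added example, not the detector's actual implementation; the regexes, the `looks_random` filter and the sample snippet are assumptions, with the token shape inferred from the 26-character samples above.

```python
import re

# Assumption: tokens look like the page's samples (26 lowercase alphanumerics).
TOKEN_RE = re.compile(r"(?<![a-z0-9])[a-z0-9]{26}(?![a-z0-9])")
# Assumption: the host is an http(s) origin, optionally with a port.
HOST_RE = re.compile(r"https?://[A-Za-z0-9.-]+(?::\d{1,5})?")
# Mirrors "ContentWhitelistPreValidator / patterns: - mattermost".
PREVALIDATOR_RE = re.compile(r"mattermost", re.IGNORECASE)


def looks_random(candidate: str) -> bool:
    """Cheap filter: require letters, digits and some character variety."""
    return (any(c.isdigit() for c in candidate)
            and any(c.isalpha() for c in candidate)
            and len(set(candidate)) >= 8)


def find_candidates(content: str) -> list[dict]:
    """Return host/token pairs; empty unless every detector condition holds."""
    if not PREVALIDATOR_RE.search(content):
        return []  # content never mentions mattermost: skip the document
    hosts = sorted(set(HOST_RE.findall(content)))
    tokens = sorted({t for t in TOKEN_RE.findall(content) if looks_random(t)})
    # "Minimum number of matches: 2": on-premise instances exist, so a token
    # without the host it belongs to is not reported.
    return [{"host": h, "token": t} for h in hosts for t in tokens]


def redact(token: str) -> str:
    """Keep only enough of the secret in an alert to identify it."""
    return token[:4] + "*" * (len(token) - 4)


# Constructed sample, not a real instance or token.
SAMPLE = '''
# mattermost bot config
MM_URL = "https://chat.example.test:8065"
MM_TOKEN = "x7k2m9qp4w8r1t6y3u5i0o2abc"
'''

if __name__ == "__main__":
    for hit in find_candidates(SAMPLE):
        print(hit["host"], redact(hit["token"]))
```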