A critical vulnerability in Slack collaboration app would allow remote code-execution (RCE) The bug (rated between nine and 10 on the CvSS vulnerability-severity scale) involves cross-site scripting (XSS) and HTML injection. Slack for Desktop (Mac/Windows/Linux) prior to version 4.4 are vulnerable. The bug was patched in February, but has just now been disclosed of a HackerOne disclosure hiatus. Join us today for a webinar to learn how to juggle public versus private programs and budgets.
Source: https://threatpost.com/critical-slack-bug-access-private-channels-conversations/158795/