Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-18915
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18908
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18920
An issue exists in Mattermost Server prior to 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2016-11074
An issue exists in Mattermost Server prior to 3.0.0. A password-reset link could be reused.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18900
An issue exists in Mattermost Server prior to 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18912
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. It allows an malicious user to specify a full pathname of a log file.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18885
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows malicious users to gain privileges by accessing unintended API endpoints on a user's behalf.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
7.5
CVSSv2
CVE-2017-18888
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
7.5
CVSSv2
CVE-2019-20881
An issue exists in Mattermost Server prior to 5.8.0. It mishandles brute-force attacks against MFA.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2018-21251
An issue exists in Mattermost Server prior to 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »