Vulmon
Mattermost Server vulnerabilities and exploits
CVE-2024-34152
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control, which allows a guest to get the metadata of a public playbook run that is linked to a channel they are a guest in by sending an RHSRuns GraphQL query request to the se...

CVE-2024-32046
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages from API responses even when developer mode is off, which allows a malicious user to obtain information about the server such as the full path wer...

CVE-2024-4183
Mattermost versions 8.1.x prior to 8.1.12, 9.6.x prior to 9.6.1, 9.5.x prior to 9.5.3 and 9.4.x prior to 9.4.5 fail to limit the number of active sessions, which allows an authenticated malicious user to crash the server via repeated requests to the getSessions API after flooding th...

CVE-2024-28949
Mattermost Server versions 9.5.x prior to 9.5.2, 9.4.x prior to 9.4.4, 9.3.x prior to 9.3.3 and 8.1.x prior to 8.1.11 do not limit the number of user preferences, which allows a malicious user to send a large number of user preferences, potentially causing denial of service.

CVE-2024-29221
Mattermost Server versions 9.5.x prior to 9.5.2, 9.4.x prior to 9.4.4, 9.3.x prior to 9.3.3 and 8.1.x prior to 8.1.11 lack proper access control in the `/api/v4/users/me/teams` endpoint, allowing a team admin to get the invite ID of their team, thus allow...

CVE-2024-21848
Mattermost Server versions 8.1.x prior to 8.1.11 lack proper access control in calls, which allows an attacker who is in a channel with an active call to keep participating in the call even after being removed from the channel.

CVE-2024-2445
The Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x prior to 8.1.10, 9.2.x prior to 9.2.6, 9.3.x prior to 9.3.2 and 9.4.x prior to 9.4.3 fail to escape user-controlled output when generating HTML pages, which allows a malicious user to perform reflected cros...

CVE-2024-28053
Mattermost Server versions 8.1.x prior to 8.1.10 fail to limit the size of the payload that is read and parsed, allowing a malicious user to send a very large email payload and crash the server (resource exhaustion).

CVE-2024-1953
Mattermost versions 8.1.x prior to 8.1.9, 9.2.x prior to 9.2.5, 9.3.0 and 9.4.x prior to 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated malicious user to cause the server to run out of memory and crash by issuing an unusually large...

CVE-2024-1888
Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permission to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the ...
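The advisories above each name a set of affected release branches with a branch-specific fix version, so "am I affected?" is a per-branch comparison rather than a single threshold. The following is an added example (not Vulmon's or Mattermost's code) that transcribes the ranges from the summaries on this page and reports, for a given server version, which CVEs are affected, fixed, or unknown. The "unknown" status is deliberate: a branch the advisory does not mention is only assumed fixed when it is newer than every listed branch; an older or skipped branch (typically an end-of-life line) is not guessed safe. CVE-2024-1888 carries no version range in the summary shown here, so it is always reported as unknown. The `parse_version`, `prior_to`, `up_to` and `assess` helper names are this example's own.

```python
"""Check which of the Mattermost CVEs listed on this page apply to a server version.

Added example, not Vulmon's or Mattermost's code. The affected ranges are
transcribed from the advisory summaries above; a "<= X.Y.Z" range is stored as
"strictly below X.Y.(Z+1)" so every range is a single exclusive upper bound.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

Version = tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'X.Y.Z' (optionally 'vX.Y.Z' or with a '-rc1' style suffix) into a tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.]+)?", text.strip())
    if not m:
        raise ValueError(f"not a Mattermost release version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


@dataclass(frozen=True)
class Affected:
    """All releases on `branch` (e.g. (9, 5) for '9.5.x') strictly below `first_fixed`."""
    branch: tuple[int, int]
    first_fixed: Version

    def covers(self, v: Version) -> bool:
        return (v[0], v[1]) == self.branch and v < self.first_fixed


def prior_to(fixed: str) -> Affected:
    """'9.5.x prior to 9.5.3' -> affected below 9.5.3."""
    f = parse_version(fixed)
    return Affected((f[0], f[1]), f)


def up_to(last_bad: str) -> Affected:
    """'9.5.x <= 9.5.3' (or a single release like '9.3.0') -> affected below the next patch."""
    b = parse_version(last_bad)
    return Affected((b[0], b[1]), (b[0], b[1], b[2] + 1))


# Ranges exactly as stated in the summaries on this page.
ADVISORIES: dict[str, list[Affected]] = {
    "CVE-2024-34152": [up_to("9.5.3"), up_to("9.6.1"), up_to("8.1.12")],
    "CVE-2024-32046": [up_to("9.6.0"), up_to("9.5.2"), up_to("9.4.4"), up_to("8.1.11")],
    "CVE-2024-4183": [prior_to("8.1.12"), prior_to("9.6.1"), prior_to("9.5.3"), prior_to("9.4.5")],
    "CVE-2024-28949": [prior_to("9.5.2"), prior_to("9.4.4"), prior_to("9.3.3"), prior_to("8.1.11")],
    "CVE-2024-29221": [prior_to("9.5.2"), prior_to("9.4.4"), prior_to("9.3.3"), prior_to("8.1.11")],
    "CVE-2024-21848": [prior_to("8.1.11")],
    "CVE-2024-2445": [prior_to("8.1.10"), prior_to("9.2.6"), prior_to("9.3.2"), prior_to("9.4.3")],
    "CVE-2024-28053": [prior_to("8.1.10")],
    "CVE-2024-1953": [prior_to("8.1.9"), prior_to("9.2.5"), up_to("9.3.0"), prior_to("9.4.2")],
    "CVE-2024-1888": [],  # the summary on this page gives no version range
}


def status(cve: str, v: Version) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one CVE.

    A branch the advisory does not list is treated as fixed only when it is newer
    than every listed branch; an older or skipped branch is reported as 'unknown'.
    """
    ranges = ADVISORIES[cve]
    if not ranges:
        return "unknown"
    branch = (v[0], v[1])
    for r in ranges:
        if r.branch == branch:
            return "affected" if r.covers(v) else "fixed"
    if branch > max(r.branch for r in ranges):
        return "fixed"
    return "unknown"


def assess(version: str) -> dict[str, str]:
    """Map every CVE on the page to its status for the given server version."""
    v = parse_version(version)
    return {cve: status(cve, v) for cve in ADVISORIES}


def affected_cves(version: str) -> list[str]:
    """Sorted list of CVEs the given version is affected by."""
    return sorted(cve for cve, s in assess(version).items() if s == "affected")


if __name__ == "__main__":
    for ver in ("8.1.10", "9.5.2", "9.3.0", "9.7.0"):
        report = assess(ver)
        unknown = sorted(c for c, s in report.items() if s == "unknown")
        print(f"{ver}: affected={affected_cves(ver)} unknown={unknown}")
```

Run it with the server version reported by `/api/v4/system/ping` or the admin console; an "unknown" result for a branch means the advisory text did not cover that release line, not that it is safe.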