Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-2401
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and previous versions allows team members to access some sensitive information by directly accessing the APIs.
Mattermost Mattermost Server 6.6.0
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
Mattermost Mattermost Server 6.6.1
5.3
CVSSv3
CVE-2023-1777
Mattermost allows an malicious user to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
Mattermost Mattermost Server 7.8.0
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
6.5
CVSSv3
CVE-2022-1982
Uncontrolled resource consumption in Mattermost version 6.6.0 and previous versions allows an authenticated malicious user to crash the server via a crafted SVG attachment on a post.
Mattermost Mattermost Server 6.6.0
Mattermost Mattermost Server 6.5.0
Mattermost Mattermost Server
5.4
CVSSv3
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an malicious user to invite themselves to a private channel.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
6.5
CVSSv3
CVE-2023-1775
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
5.4
CVSSv3
CVE-2023-1776
Boards in Mattermost allows an malicious user to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2023-49607
Mattermost fails to validate the type of the "reminder" body request parameter allowing an malicious user to crash the Playbook Plugin when updating the status dialog.
Mattermost Mattermost Server
Mattermost Mattermost Server 9.1.1
7.5
CVSSv3
CVE-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Mattermost Mattermost Server 7.9.0
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2017-18870
An issue exists in Mattermost Server prior to 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.5.0
7.5
CVSSv3
CVE-2017-18871
An issue exists in Mattermost Server prior to 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows malicious users to cause a denial of service (application crash) via an @ character before a JavaScript field name.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »