mattermost vulnerabilities and exploits
CVE-2021-37865 (CVSSv2 3.5) | Vendor/product: Mattermost / Mattermost
Mattermost 6.2 and previous versions fail to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.

CVE-2019-20851 (CVSSv2 6.4) | Vendor/product: Mattermost / Mattermost
An issue exists in Mattermost Mobile Apps prior to 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.

CVE-2021-37859 (CVSSv2 4.3) | Vendor/product: Mattermost / Mattermost
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.

CVE-2021-37864 (CVSSv2 4.0) | Vendor/product: Mattermost / Mattermost
Mattermost 6.1 and previous versions fail to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view the contents of archived channels, even when this is denied by system administrators, by directly accessing the APIs.

CVE-2023-7114 (CVSSv2 NA) | Vendor/product: Mattermost / Mattermost
Mattermost version 2.10.0 and previous versions fail to sanitize deeplink paths, which allows a malicious user to perform CSRF attacks against the server.

CVE-2023-1562 (CVSSv2 NA) | Vendor/product: Mattermost / Mattermost
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing a malicious user to learn the full name of a board owner.

CVE-2023-4105 (CVSSv2 NA) | Vendor/product: Mattermost / Mattermost
Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still access and download the attachment of a deleted message.

CVE-2023-4107 (CVSSv2 NA) | Vendor/product: Mattermost / Mattermost
Mattermost fails to properly validate the requesting user's permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

CVE-2021-37860 (CVSSv2 2.6) | Vendor/product: Mattermost / Mattermost
Mattermost 5.38 and previous versions fail to sufficiently sanitize clipboard contents, which allows a user-assisted malicious user to inject arbitrary web script in product deployments that explicitly disable the default CSP.

CVE-2022-4044 (CVSSv2 NA) | Vendor/product: Mattermost / Mattermost
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.