Vulmon
mattermost vulnerabilities and exploits
356
VMScore
CVE-2021-37864
Mattermost 6.1 and previous versions fail to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
Mattermost Mattermost
312
VMScore
CVE-2021-37865
Mattermost 6.2 and previous versions fail to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.
Mattermost Mattermost
NA
CVE-2023-2514
Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization.
Mattermost Mattermost
NA
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots.
Mattermost Mattermost
312
VMScore
CVE-2022-1002
Mattermost 6.3.0 and previous versions fail to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
Mattermost Mattermost
NA
CVE-2022-4045
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
Mattermost Mattermost
570
VMScore
CVE-2019-20851
An issue exists in Mattermost Mobile Apps prior to 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
Mattermost Mattermost
NA
CVE-2023-45223
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
Mattermost Mattermost
NA
CVE-2023-7114
Mattermost version 2.10.0 and previous versions fail to sanitize deeplink paths, which allows a malicious user to perform CSRF attacks against the server.
Mattermost Mattermost
445
VMScore
CVE-2021-37861
Mattermost 6.0.2 and previous versions fail to sufficiently sanitize a user's password in audit logs when user creation fails.
Mattermost Mattermost