Vulmon
Mattermost Mattermost vulnerabilities and exploits
CVE-2019-20851 (CVSSv2 6.4, Mattermost Mattermost)
An issue exists in Mattermost Mobile Apps prior to 1.26.0. An attacker can use directory traversal via the Video Preview feature to overwrite arbitrary files on the device.
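The traversal class behind CVE-2019-20851 comes down to joining a filename taken from untrusted input onto a download directory without checking where the cleaned result lands. The Go below is an added example written for this page, not code from Mattermost or its mobile app (which is not written in Go); the base directory, the sample filenames and the function names are assumptions for illustration. It shows the unchecked join beside a containment check that refuses any resolved path outside the base directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a resolved path escapes the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// UnsafeJoin mirrors the vulnerable pattern: the untrusted name is joined onto
// the base directory with no check on where the cleaned result ends up.
// "../../etc/passwd" under "/data/previews" resolves to "/etc/passwd".
func UnsafeJoin(baseDir, untrustedName string) string {
	return filepath.Join(baseDir, untrustedName)
}

// SafeJoin resolves untrustedName under baseDir and returns an error unless the
// result names a file strictly inside baseDir. Absolute names are refused
// outright, and names that resolve to baseDir itself are refused because no
// file was actually named. filepath.Rel is used instead of a string-prefix
// test so that "../previewsX/a" is caught as well.
func SafeJoin(baseDir, untrustedName string) (string, error) {
	if filepath.IsAbs(untrustedName) {
		return "", ErrOutsideBase
	}
	base := filepath.Clean(baseDir)
	// Join cleans the result, so "sub/../../x" collapses before the check below.
	candidate := filepath.Join(base, untrustedName)
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return "", err
	}
	sep := string(filepath.Separator)
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return "", ErrOutsideBase
	}
	return candidate, nil
}

func main() {
	base := "/data/previews" // assumed download directory
	for _, name := range []string{"clip.mp4", "sub/../clip.mp4", "../../etc/passwd", "/etc/passwd"} {
		p, err := SafeJoin(base, name)
		fmt.Printf("%-20q unsafe=%-28s safe=%q err=%v\n", name, UnsafeJoin(base, name), p, err)
	}
}
```

The check is purely lexical: it does not resolve symbolic links, so if the download directory can contain attacker-created symlinks the result should additionally be passed through filepath.EvalSymlinks and re-checked before the file is opened for writing.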
CVE-2023-45223 (score NA, Mattermost Mattermost)
Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to obtain the full name of another user even when the Show Full Name option is disabled.
CVE-2022-4045 (score NA, Mattermost Mattermost)
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to an API endpoint that can fetch a large amount of data.
CVE-2020-13891 (CVSSv2 5, Mattermost Mattermost)
An issue exists in Mattermost Mobile Apps prior to 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.
CVE-2023-5159 (score NA, Mattermost Mattermost)
Mattermost fails to properly verify permissions when managing or updating a bot, allowing a User Manager role with user edit permissions to manage or update bots.
CVE-2023-5160 (score NA, Mattermost Mattermost)
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to obtain the full name of another user even when the Show Full Name option is disabled.
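Both Show Full Name findings on this page (CVE-2023-45223 in Mattermost Boards and CVE-2023-5160 at the top/team_members endpoint) are the same bug class: an endpoint returns user records without running them through the privacy filter that other endpoints apply. The Go below is an added example written for this page, not Mattermost server code; the User and PrivacySettings shapes, the viewerCanSeeNames privilege flag, the response type and the sample rows are assumptions. It shows the filter as a single choke point that every user-bearing response passes through, plus the check a regression test can run over any response body to catch an endpoint that skipped it.

```go
package main

import "fmt"

// User is a minimal profile record; the shape is an assumption for this example,
// not Mattermost's model.User.
type User struct {
	ID        string
	Username  string
	FirstName string
	LastName  string
}

// PrivacySettings holds the admin-controlled option at issue in both CVEs.
type PrivacySettings struct {
	ShowFullName bool
}

// SanitizeForViewer returns a copy of u with the name fields blanked unless the
// viewer may see them: ShowFullName is on, the viewer is u, or the viewer holds
// an (assumed) privilege that overrides the setting, such as a system admin.
func SanitizeForViewer(u User, viewerID string, viewerCanSeeNames bool, ps PrivacySettings) User {
	if ps.ShowFullName || viewerID == u.ID || viewerCanSeeNames {
		return u
	}
	u.FirstName = ""
	u.LastName = ""
	return u
}

// TopTeamMember is one row of an insights-style response such as
// top/team_members: a user plus an activity count (assumed shape).
type TopTeamMember struct {
	User         User
	MessageCount int
}

// BuildTopTeamMembers is the hardened form of such an endpoint: every user
// record passes through SanitizeForViewer before it is returned. The bug in
// CVE-2023-45223 and CVE-2023-5160 is an endpoint that serialises raw rows and
// skips this step, so the setting is enforced everywhere except there.
func BuildTopTeamMembers(rows []TopTeamMember, viewerID string, viewerCanSeeNames bool, ps PrivacySettings) []TopTeamMember {
	out := make([]TopTeamMember, 0, len(rows))
	for _, r := range rows {
		r.User = SanitizeForViewer(r.User, viewerID, viewerCanSeeNames, ps)
		out = append(out, r)
	}
	return out
}

// LeaksFullName is the check a regression test can run over any response body
// returned to an unprivileged viewer: with ShowFullName off, no record other
// than the viewer's own may carry a first or last name.
func LeaksFullName(resp []TopTeamMember, viewerID string, ps PrivacySettings) bool {
	if ps.ShowFullName {
		return false
	}
	for _, r := range resp {
		if r.User.ID != viewerID && (r.User.FirstName != "" || r.User.LastName != "") {
			return true
		}
	}
	return false
}

func main() {
	ps := PrivacySettings{ShowFullName: false}
	rows := []TopTeamMember{ // constructed sample rows
		{User: User{ID: "u1", Username: "alice", FirstName: "Alice", LastName: "Anders"}, MessageCount: 40},
		{User: User{ID: "u2", Username: "bob", FirstName: "Bob", LastName: "Burke"}, MessageCount: 12},
	}
	fmt.Println("raw rows leak:", LeaksFullName(rows, "u2", ps))
	resp := BuildTopTeamMembers(rows, "u2", false, ps)
	fmt.Println("sanitised response leaks:", LeaksFullName(resp, "u2", ps))
	for _, r := range resp {
		fmt.Printf("%s first=%q last=%q messages=%d\n", r.User.Username, r.User.FirstName, r.User.LastName, r.MessageCount)
	}
}
```

The practical lesson from two CVEs in the same setting is that a per-endpoint filter call is easy to forget; wiring LeaksFullName into the API test suite for every handler that returns users turns a missed call into a failing test rather than an advisory.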
CVE-2021-37860 (CVSSv2 2.6, Mattermost Mattermost)
Mattermost 5.38 and previous versions fail to sufficiently sanitize clipboard contents, which allows a malicious user, with the victim's assistance, to inject arbitrary web script in deployments that explicitly disable the default CSP.
CVE-2021-37861 (CVSSv2 5, Mattermost Mattermost)
Mattermost 6.0.2 and previous versions fail to sufficiently sanitize the user's password from audit logs when user creation fails.
CVE-2021-37864 (CVSSv2 4, Mattermost Mattermost)
Mattermost 6.1 and previous versions fail to sufficiently validate permissions when viewing archived channels, which allows authenticated users to view the contents of archived channels by directly accessing the APIs, even when system administrators have disabled this.
CVE-2021-37865 (CVSSv2 3.5, Mattermost Mattermost)
Mattermost 6.2 and previous versions fail to sufficiently process a specially crafted GIF file uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while the file is processed, resulting in a server-side denial of service.
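The GIF finding (CVE-2021-37865) is a decode-before-bounding problem: the server commits memory and CPU to an image whose declared size it has not yet checked. The Go below is an added example written for this page, not Mattermost's file-processing code; the limits, the function names and the constructed sample inputs are assumptions. It reads only the header with the standard library's gif.DecodeConfig, rejects oversized inputs before any frame is decoded, and only then decodes with a frame-count cap. A 13-byte header that claims a 65535x65535 logical screen is constructed inline to stand in for a hostile upload.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	"image/color"
	"image/gif"
)

var (
	ErrTooLarge      = errors.New("gif: input exceeds byte limit")
	ErrTooManyPixels = errors.New("gif: logical screen exceeds pixel limit")
	ErrTooManyFrames = errors.New("gif: frame count exceeds limit")
)

// CheckGIF inspects only the header (gif.DecodeConfig reads the logical screen
// descriptor and global colour table, not the frames) and rejects inputs that
// are too large in bytes or declare too many pixels. Nothing expensive runs yet.
func CheckGIF(data []byte, maxBytes, maxPixels int) (image.Config, error) {
	if len(data) > maxBytes {
		return image.Config{}, ErrTooLarge
	}
	cfg, err := gif.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return image.Config{}, err
	}
	if cfg.Width <= 0 || cfg.Height <= 0 || cfg.Width*cfg.Height > maxPixels {
		return cfg, ErrTooManyPixels
	}
	return cfg, nil
}

// DecodeBounded runs CheckGIF first, then decodes every frame and applies a
// frame-count cap. Go's decoder rejects frames larger than the logical screen,
// so after CheckGIF each frame costs at most maxPixels bytes, and the number of
// frames is bounded by maxBytes (each frame needs its own descriptor bytes).
// The worst case is therefore predictable instead of attacker-chosen.
func DecodeBounded(data []byte, maxBytes, maxPixels, maxFrames int) (*gif.GIF, error) {
	if _, err := CheckGIF(data, maxBytes, maxPixels); err != nil {
		return nil, err
	}
	g, err := gif.DecodeAll(bytes.NewReader(data))
	if err != nil {
		return nil, err
	}
	if len(g.Image) > maxFrames {
		return nil, ErrTooManyFrames
	}
	return g, nil
}

// tinyGIF builds a benign w x h two-colour GIF in memory (constructed sample input).
func tinyGIF(w, h int) []byte {
	img := image.NewPaletted(image.Rect(0, 0, w, h), color.Palette{color.Black, color.White})
	var buf bytes.Buffer
	if err := gif.Encode(&buf, img, nil); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// hugeHeader is a constructed 13-byte GIF header (signature, 65535x65535 logical
// screen, no global colour table, background index, aspect ratio) with no frames.
// It is enough for DecodeConfig to report the declared size.
var hugeHeader = []byte("GIF89a\xff\xff\xff\xff\x00\x00\x00")

func main() {
	const maxBytes, maxPixels, maxFrames = 1 << 20, 1 << 22, 50 // assumed limits
	for name, data := range map[string][]byte{"tiny": tinyGIF(4, 4), "huge": hugeHeader} {
		g, err := DecodeBounded(data, maxBytes, maxPixels, maxFrames)
		if err != nil {
			fmt.Printf("%s: rejected: %v\n", name, err)
			continue
		}
		fmt.Printf("%s: accepted, %d frame(s)\n", name, len(g.Image))
	}
}
```

The frame-count cap is applied after DecodeAll because the standard library offers no way to count frames without decoding them; the byte limit and the pixel limit together are what keep that decode bounded, so the byte limit should be sized for the product's real attachment limit rather than left generous.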