Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-4019
A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.
Mattermost Mattermost -
1 Article
6.5
CVSSv3
CVE-2022-4044
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.
Mattermost Mattermost
5.4
CVSSv3
CVE-2023-5195
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
Mattermost Mattermost
6.5
CVSSv3
CVE-2023-5196
Mattermost fails to enforce character limits in all possible notification props allowing an malicious user to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailab...
Mattermost Mattermost
6.1
CVSSv3
CVE-2021-37859
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.
Mattermost Mattermost
7.5
CVSSv3
CVE-2021-37861
Mattermost 6.0.2 and previous versions fails to sufficiently sanitize user's password in audit logs when user creation fails.
Mattermost Mattermost
6.5
CVSSv3
CVE-2021-37864
Mattermost 6.1 and previous versions fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
Mattermost Mattermost
2.7
CVSSv3
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
Mattermost Mattermost
4.3
CVSSv3
CVE-2023-5160
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
Mattermost Mattermost
6.5
CVSSv3
CVE-2022-4045
A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.
Mattermost Mattermost -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »