Vulmon
Mattermost Server vulnerabilities and exploits
NA
CVE-2023-27266
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Mattermost Mattermost Server
NA
CVE-2024-1402
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seein...
Mattermost Mattermost Server
NA
CVE-2024-24774
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
Mattermost Mattermost Server
NA
CVE-2024-24776
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
Mattermost Mattermost Server
NA
CVE-2023-5330
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data, allowing a malicious user to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable.
Mattermost Mattermost Server
NA
CVE-2023-5331
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
Mattermost Mattermost Server
NA
CVE-2023-5333
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
Mattermost Mattermost Server
5
CVSSv2
CVE-2018-21248
An issue exists in Mattermost Server prior to 5.4.0. It mishandles possession of superfluous authentication credentials.
Mattermost Mattermost Server
4.3
CVSSv2
CVE-2018-21250
An issue exists in Mattermost Server prior to 5.2.2, 5.1.2, and 4.10.4. It allows remote malicious users to cause a denial of service (memory consumption) via crafted image dimensions.
Mattermost Mattermost Server
4
CVSSv2
CVE-2018-21254
An issue exists in Mattermost Server prior to 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.
Mattermost Mattermost Server