mattermost server vulnerabilities and exploits
NA
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing a malicious user to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.
Mattermost Mattermost Server
3.5
CVSSv2
CVE-2017-18872
An issue exists in Mattermost Server prior to 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
Mattermost Mattermost Server
NA
CVE-2023-3586
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible.
Mattermost Mattermost Server
4.3
CVSSv2
CVE-2016-11084
An issue exists in Mattermost Server prior to 2.1.0. It allows XSS via CSRF.
Mattermost Mattermost Server
4
CVSSv2
CVE-2018-21254
An issue exists in Mattermost Server prior to 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.
Mattermost Mattermost Server
5
CVSSv2
CVE-2018-21257
An issue exists in Mattermost Server prior to 5.1. It allows malicious users to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.
Mattermost Mattermost Server
5
CVSSv2
CVE-2019-20846
An issue exists in Mattermost Server prior to 5.18.0. It has weak permissions for server-local file storage.
Mattermost Mattermost Server
5
CVSSv2
CVE-2019-20855
An issue exists in Mattermost Server prior to 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows malicious users to obtain sensitive information (local files) during legacy attachment migration.
Mattermost Mattermost Server
5
CVSSv2
CVE-2019-20857
An issue exists in Mattermost Server prior to 5.16.0. It allows malicious users to cause a denial of service (markdown renderer hang) via many backtick characters.
Mattermost Mattermost Server
5
CVSSv2
CVE-2019-20867
An issue exists in Mattermost Server prior to 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
Mattermost Mattermost Server