Vulmon
Mattermost vulnerabilities and exploits (vendor: Mattermost, product: Mattermost)
CVE-2022-0708 (CVSSv3 6.5)
Mattermost 6.3.0 and earlier fail to protect the email address of the team creator via one of the APIs, allowing authenticated team members to access it (disclosure of sensitive, private information).
CVE-2022-1003 (CVSSv3 4.9)
One of the APIs in Mattermost 6.3.0 and earlier fails to properly protect permissions, which allows system administrators to combine two distinct privileges/capabilities in a way that lets them override certain restricted configurations like Enab...
CVE-2023-2514 (CVSSv3 7.5)
Mattermost Server fails to redact the DB username and password before emitting an application log line during server initialization.
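The fix for this class of bug is to redact the credential part of the data source name before it reaches any logger. The following is an added example written for this page, not Mattermost's own code: it handles both the URL-style DSN used for PostgreSQL and the `user:password@tcp(host)/db` style used by the Go MySQL driver. The sample DSNs are constructed for illustration; the placeholder `REDACTED` is deliberately letters-only so that `url.String()` does not percent-encode it.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// mysqlDSNCreds matches the leading "user:password@" of a go-sql-driver style
// DSN such as "mmuser:mostest@tcp(localhost:3306)/mattermost". A password that
// itself contains '@' is not supported by this simple pattern (documented limit).
var mysqlDSNCreds = regexp.MustCompile(`^([^:@/]+):([^@]*)@`)

// RedactDSN returns a copy of dsn that is safe to write to an application log:
// the username and host are kept, the password is replaced by "REDACTED".
func RedactDSN(dsn string) string {
	// URL-style DSN, e.g. postgres://user:pass@host:5432/db?sslmode=disable.
	// For a non-URL DSN url.Parse either errors or yields no User part, so we
	// fall through to the MySQL pattern below.
	if u, err := url.Parse(dsn); err == nil && u.Scheme != "" && u.User != nil {
		if _, hasPassword := u.User.Password(); hasPassword {
			u.User = url.UserPassword(u.User.Username(), "REDACTED")
		}
		return u.String()
	}
	// MySQL driver style DSN.
	return mysqlDSNCreds.ReplaceAllString(dsn, "${1}:REDACTED@")
}

// StartupLogLine is what the initialization log should emit instead of the raw DSN.
func StartupLogLine(dsn string) string {
	return fmt.Sprintf("connecting to database %s", RedactDSN(dsn))
}

func main() {
	// Constructed sample DSNs, not real credentials.
	for _, dsn := range []string{
		"postgres://mmuser:mostest@localhost:5432/mattermost_test?sslmode=disable",
		"mmuser:mostest@tcp(localhost:3306)/mattermost?charset=utf8mb4",
		"postgres://mmuser@localhost/db", // no password: nothing to redact
	} {
		fmt.Println(StartupLogLine(dsn))
	}
}
```

Apply the redaction at the single place where the DSN is formatted for logging rather than at each call site, and add a test like the one below so the redaction cannot silently regress.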
CVE-2023-5159 (CVSSv3 2.7)
Mattermost fails to properly verify permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots.
CVE-2023-5160 (CVSSv3 4.3)
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even when Show Full Name is disabled.
CVE-2023-35075 (CVSSv3 5.4)
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing a malicious user to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible, though.
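The defect above is in the JavaScript webapp (assigning an attacker-controlled name as markup instead of as text). The added example below, written for this page and not taken from Mattermost, shows the same class on the server side in Go: a suggestion row built by string concatenation beside the same row rendered through html/template, whose contextual escaping is the server-side equivalent of textContent. The channel name is a constructed sample; `renderSuggestionUnsafe`, `renderSuggestionSafe` and `leaksMarkup` are names chosen here.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// attackerChannelName is a constructed sample: a display name that is valid HTML.
const attackerChannelName = `<b>town-square</b><img src=x>`

// renderSuggestionUnsafe mirrors the failure class: the name is spliced into
// markup as-is, which is what assigning it through innerHTML does in a browser.
func renderSuggestionUnsafe(channelName string) string {
	return fmt.Sprintf(`<li class="suggestion">%s</li>`, channelName)
}

// suggestionTmpl is parsed once; html/template escapes {{.}} for the HTML text
// context it sits in, so '<', '>', '&', quotes and '+' become entities.
var suggestionTmpl = template.Must(
	template.New("suggestion").Parse(`<li class="suggestion">{{.}}</li>`))

// renderSuggestionSafe renders the same row with contextual escaping applied.
func renderSuggestionSafe(channelName string) string {
	var sb strings.Builder
	if err := suggestionTmpl.Execute(&sb, channelName); err != nil {
		panic(err) // a template error here is a programming bug, not bad input
	}
	return sb.String()
}

// leaksMarkup reports whether the rendered row still carries a raw tag opener
// inside the fixed <li> wrapper, i.e. markup that came from the untrusted name.
func leaksMarkup(rendered string) bool {
	inner := strings.TrimSuffix(strings.TrimPrefix(rendered, `<li class="suggestion">`), `</li>`)
	return strings.Contains(inner, "<")
}

func main() {
	unsafe := renderSuggestionUnsafe(attackerChannelName)
	safe := renderSuggestionSafe(attackerChannelName)
	fmt.Printf("unsafe: %s (leaks markup: %v)\n", unsafe, leaksMarkup(unsafe))
	fmt.Printf("safe:   %s (leaks markup: %v)\n", safe, leaksMarkup(safe))
}
```

The same rule applies in the webapp: set `element.textContent = name` (or let the framework render it as a text node) and reserve raw HTML assignment for markup that is generated by the application itself, never for user-controlled strings.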
CVE-2023-5967 (CVSSv3 4.3)
Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker who sends a request without a User-Agent header to cause a panic and crash the Calls plugin.
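The advisory does not say where the Calls plugin dereferenced the missing header, so the following is an added example written for this page rather than the plugin's code. It shows the general failure mode in Go's net/http (indexing the raw header slice, which is empty when the header is absent) beside a handler that reads the header through `r.UserAgent()` and rejects the request explicitly, plus a recover middleware that turns any remaining panic into a 500 instead of a crash. The request path and the `mobile`/`desktop` classification are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// classify is the stand-in for whatever the real handler does with the UA string.
func classify(ua string) string {
	if strings.Contains(strings.ToLower(ua), "mobile") {
		return "mobile client"
	}
	return "desktop client"
}

// vulnerableHandler mirrors the failure class: r.Header["User-Agent"] is a nil
// slice when the client sent no User-Agent, so [0] panics (index out of range).
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	ua := r.Header["User-Agent"][0]
	fmt.Fprint(w, classify(ua))
}

// hardenedHandler uses r.UserAgent(), which returns "" for a missing header and
// never panics, and rejects the request with 400 instead of guessing.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	ua := r.UserAgent()
	if ua == "" {
		http.Error(w, "missing User-Agent header", http.StatusBadRequest)
		return
	}
	fmt.Fprint(w, classify(ua))
}

// recoverMiddleware converts a panic inside a handler into a 500 response so a
// single malformed request cannot take the whole plugin down.
func recoverMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if rec := recover(); rec != nil {
				http.Error(w, "internal server error", http.StatusInternalServerError)
			}
		}()
		next.ServeHTTP(w, r)
	})
}

// probe sends one in-memory request (with or without a User-Agent) to h and
// reports the status, body and whether the handler panicked.
func probe(h http.Handler, ua string) (status int, body string, panicked bool) {
	// The path is an assumption; httptest.NewRequest sets no User-Agent itself.
	req := httptest.NewRequest(http.MethodGet, "/plugins/calls/standalone", nil)
	if ua != "" {
		req.Header.Set("User-Agent", ua)
	}
	rr := httptest.NewRecorder()
	func() {
		defer func() {
			if rec := recover(); rec != nil {
				panicked = true
			}
		}()
		h.ServeHTTP(rr, req)
	}()
	return rr.Code, strings.TrimSpace(rr.Body.String()), panicked
}

func main() {
	_, _, p := probe(http.HandlerFunc(vulnerableHandler), "")
	fmt.Println("vulnerable handler, no UA: panicked =", p)
	s, _, _ := probe(recoverMiddleware(http.HandlerFunc(vulnerableHandler)), "")
	fmt.Println("vulnerable handler behind recover middleware, no UA: status =", s)
	s, _, _ = probe(http.HandlerFunc(hardenedHandler), "")
	fmt.Println("hardened handler, no UA: status =", s)
	s, b, _ := probe(http.HandlerFunc(hardenedHandler), "Mattermost/2.0 (iPhone; Mobile)")
	fmt.Println("hardened handler, mobile UA: status =", s, "body =", b)
}
```

The middleware is a safety net, not the fix: the real fix is to treat every header as optional input and validate it before use, so the panic path is never reached.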
CVE-2023-5522 (CVSSv3 4.3)
Mattermost Mobile fails to limit the maximum number of Markdown elements in a post, allowing a malicious user to send a post with hundreds of emojis to a channel and freeze the mobile app of users viewing that channel.
CVE-2023-5193 (CVSSv3 2.7)
Mattermost fails to properly check permissions when retrieving a post, allowing a System Role with permission to manage channels to read the posts of a DM conversation.
CVE-2023-5194 (CVSSv3 4.3)
Mattermost fails to properly validate permissions when demoting and deactivating a user, allowing a system/user manager to demote or deactivate another manager.