Vulmon
mattermost server vulnerabilities and exploits
3.5
CVSSv3
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF, allowing a malicious user to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2023-3590
Mattermost fails to delete card attachments in Boards, allowing a malicious user to access deleted attachments.
Mattermost Mattermost Server
8.2
CVSSv3
CVE-2023-3591
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
Mattermost Mattermost Server
3.5
CVSSv3
CVE-2023-3613
Mattermost WelcomeBot plugin fails to validate the membership status when inviting or adding users to channels, allowing guest accounts to be added or invited to channels by default.
Mattermost Mattermost Server
3.3
CVSSv3
CVE-2023-3614
Mattermost fails to properly validate a GIF image file, allowing a malicious user to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to a specially crafted image file.
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2024-1402
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seein...
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2018-21255
An issue exists in Mattermost Server prior to 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.
Mattermost Mattermost Server
2.7
CVSSv3
CVE-2023-27265
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2023-47858
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2015-9548
An issue exists in Mattermost Server prior to 1.2.0. It allows malicious users to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
Mattermost Mattermost Server