Vulmon
mattermost server vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-0904
A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows a malicious user to crash the server by submitting a maliciously crafted Apple Pages document.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2023-6458
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing a malicious user to perform a client-side path traversal.
Mattermost Mattermost Server
5.3
CVSSv3
CVE-2023-46701
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing a malicious user to get limited information about a post if they know the post ID.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2019-20845
An issue exists in Mattermost Server prior to 5.18.0. It allows malicious users to cause a denial of service (memory consumption) via a large Slack import.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2019-20846
An issue exists in Mattermost Server prior to 5.18.0. It has weak permissions for server-local file storage.
Mattermost Mattermost Server
5.3
CVSSv3
CVE-2019-20847
An issue exists in Mattermost Server prior to 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2019-20854
An issue exists in Mattermost Server prior to 5.17.0. It allows remote malicious users to cause a denial of service (client-side application crash) via a LaTeX message.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2019-20855
An issue exists in Mattermost Server prior to 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows malicious users to obtain sensitive information (local files) during legacy attachment migration.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2019-20857
An issue exists in Mattermost Server prior to 5.16.0. It allows malicious users to cause a denial of service (markdown renderer hang) via many backtick characters.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2019-20862
An issue exists in Mattermost Server prior to 5.13.0. Non-members may fetch a team's slash commands.
Mattermost Mattermost Server