Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45316
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an malicious user to use a path traversal payload that points to a different endpoint leading to a CSRF attack.
Mattermost Mattermost Server
NA
CVE-2023-45847
Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an malicious user to send a specially crafted request and crash the Playbooks plugin
Mattermost Mattermost Server
NA
CVE-2024-24774
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
Mattermost Mattermost Server
NA
CVE-2024-24776
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
Mattermost Mattermost Server
NA
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an malicious user to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.
Mattermost Mattermost Server
NA
CVE-2023-48732
Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.
Mattermost Mattermost Server
5
CVSSv2
CVE-2018-21248
An issue exists in Mattermost Server prior to 5.4.0. It mishandles possession of superfluous authentication credentials.
Mattermost Mattermost Server
4.3
CVSSv2
CVE-2018-21249
An issue exists in Mattermost Server prior to 5.3.0. It mishandles timing.
Mattermost Mattermost Server
NA
CVE-2023-27265
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Mattermost Mattermost Server
NA
CVE-2023-27266
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
Mattermost Mattermost Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »