Vulmon
mattermost vulnerabilities and exploits
NA
CVE-2023-5969
Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.
Mattermost Mattermost
Mattermost Mattermost 9.0.0
NA
CVE-2023-47168
Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to=
Mattermost Mattermost
Mattermost Mattermost 9.1.0
NA
CVE-2023-2797
Mattermost fails to sanitize code permalinks, allowing a malicious user to preview code from private repositories by posting a specially crafted permalink on a channel.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
NA
CVE-2023-43754
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting...
Mattermost Mattermost
Mattermost Mattermost 9.1.0
NA
CVE-2023-48268
Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards, allowing a malicious user to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb)...
Mattermost Mattermost
Mattermost Mattermost 9.1.0
NA
CVE-2023-48369
Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.
Mattermost Mattermost
Mattermost Mattermost 9.1.0
7.5
CVSSv2
CVE-2018-21251
An issue exists in Mattermost Server prior to 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
4
CVSSv2
CVE-2018-21252
An issue exists in Mattermost Server prior to 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
4
CVSSv2
CVE-2018-21253
An issue exists in Mattermost Server prior to 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.1.0
6.5
CVSSv2
CVE-2018-21263
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0