Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost server vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-20865
An issue exists in Mattermost Server prior to 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.12.0
8.8
CVSSv3
CVE-2019-20841
An issue exists in Mattermost Server prior to 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.18.0
8.2
CVSSv3
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an malicious user to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
Mattermost Mattermost Server
Mattermost Mattermost Server 8.0.0
8.2
CVSSv3
CVE-2023-3591
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
Mattermost Mattermost Server
8.1
CVSSv3
CVE-2023-3581
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
Mattermost Mattermost Server
8.1
CVSSv3
CVE-2023-3615
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network malicious user to intercept the WebSockets connection.
Mattermost Mattermost
8.1
CVSSv3
CVE-2017-18906
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
Mattermost Mattermost Server
8.1
CVSSv3
CVE-2017-18894
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
8.1
CVSSv3
CVE-2017-18884
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows malicious users to gain privileges by using a registered OAuth application with personal access tokens.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
7.5
CVSSv3
CVE-2023-45847
Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an malicious user to send a specially crafted request and crash the Playbooks plugin
Mattermost Mattermost Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »