Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2787
Mattermost fails to check channel membership when accessing message threads, allowing an malicious user to access arbitrary posts by using the message threads API.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
NA
CVE-2023-2788
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
NA
CVE-2023-2791
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated malicious user to edit an arbitrary channel post.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
NA
CVE-2023-2793
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an malicious user to cause a denial-of-service by a linking to a specially crafted webpage in a message.
Mattermost Mattermost 7.10.0
Mattermost Mattermost
NA
CVE-2023-2797
Mattermost fails to sanitize code permalinks, allowing an malicious user to preview code from private repositories by posting a specially crafted permalink on a channel.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
NA
CVE-2023-2792
Mattermost fails to sanitize ephemeral error messages, allowing an malicious user to obtain arbitrary message contents by a specially crafted /groupmsg command.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
445
VMScore
CVE-2019-20843
An issue exists in Mattermost Server prior to 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.18.0
445
VMScore
CVE-2019-20880
An issue exists in Mattermost Server prior to 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows malicious users to cause a denial of service (memory consumption) via OpenGraph.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.8.0
NA
CVE-2023-1775
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
NA
CVE-2023-1776
Boards in Mattermost allows an malicious user to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »