Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2019-20872
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
356
VMScore
CVE-2019-20873
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows malicious users to obtain sensitive information during user activation/deactivation.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
445
VMScore
CVE-2019-20875
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
445
VMScore
CVE-2019-20877
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows malicious users to obtain sensitive information about whether someone has 2FA enabled.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
356
VMScore
CVE-2019-20879
An issue exists in Mattermost Server prior to 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.8.0
445
VMScore
CVE-2019-20889
An issue exists in Mattermost Server prior to 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.7.0
NA
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an malicious user to invite themselves to a private channel.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
NA
CVE-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Mattermost Mattermost Server 7.9.0
Mattermost Mattermost Server
356
VMScore
CVE-2018-21253
An issue exists in Mattermost Server prior to 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.1.0
578
VMScore
CVE-2018-21263
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »