Vulmon
mattermost mattermost server vulnerabilities and exploits
445
VMScore
CVE-2022-2366
Incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and previous versions allows a malicious user to bypass some of the rate limitations in place or use manipulated IPs for audit logging by manipulating the request headers.
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
445
VMScore
CVE-2022-0903
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows a malicious user to crash the server by submitting a maliciously crafted POST body.
Mattermost Mattermost Server
445
VMScore
CVE-2021-37866
Mattermost Boards plugin v0.10.0 and previous versions fail to invalidate a session on the server side when a user logs out of Boards, which allows a malicious user to reuse an old session token for authorization.
Mattermost Mattermost Boards
445
VMScore
CVE-2017-18905
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2. When used as an OAuth 2.0 service provider, session invalidation was mishandled.
Mattermost Mattermost Server
445
VMScore
CVE-2017-18914
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
Mattermost Mattermost Server
445
VMScore
CVE-2017-18917
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
Mattermost Mattermost Server
445
VMScore
CVE-2017-18919
An issue exists in Mattermost Server prior to 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
Mattermost Mattermost Server
445
VMScore
CVE-2015-9548
An issue exists in Mattermost Server prior to 1.2.0. It allows malicious users to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
Mattermost Mattermost Server
445
VMScore
CVE-2016-11066
An issue exists in Mattermost Server prior to 3.2.0. The initial_load API disclosed unnecessary personal information.
Mattermost Mattermost Server
445
VMScore
CVE-2016-11068
An issue exists in Mattermost Server prior to 3.2.0. Attackers could read LDAP fields via injection.
Mattermost Mattermost Server