Vulmon
mattermost mattermost server vulnerabilities and exploits
5
CVSSv2
CVE-2022-2366
Incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and previous versions allows a malicious user to bypass some of the rate limitations in place, or to use manipulated IPs for audit logging, by manipulating the request headers.
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
5
CVSSv2
CVE-2022-0903
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows a malicious user to crash the server by submitting a maliciously crafted POST body.
Mattermost Mattermost Server
5
CVSSv2
CVE-2021-37866
Mattermost Boards plugin v0.10.0 and previous versions fail to invalidate a session on the server side when a user logs out of Boards, which allows a malicious user to reuse an old session token for authorization.
Mattermost Mattermost Boards
5
CVSSv2
CVE-2017-18905
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2 when used as an OAuth 2.0 service provider: session invalidation was mishandled.
Mattermost Mattermost Server
5
CVSSv2
CVE-2017-18914
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
Mattermost Mattermost Server
5
CVSSv2
CVE-2017-18916
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
Mattermost Mattermost Server
5
CVSSv2
CVE-2017-18917
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
Mattermost Mattermost Server
5
CVSSv2
CVE-2017-18919
An issue exists in Mattermost Server prior to 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
Mattermost Mattermost Server
5
CVSSv2
CVE-2016-11066
An issue exists in Mattermost Server prior to 3.2.0. The initial_load API disclosed unnecessary personal information.
Mattermost Mattermost Server
5
CVSSv2
CVE-2016-11075
An issue exists in Mattermost Server prior to 3.0.0. It allows malicious users to obtain sensitive information about team URLs via an API.
Mattermost Mattermost Server