Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Mattermost Mattermost Server 7.9.0
Mattermost Mattermost Server
5.3
CVSSv3
CVE-2022-2366
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and previous versions allows malicious user to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
8.2
CVSSv3
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an malicious user to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
Mattermost Mattermost Server
Mattermost Mattermost Server 8.0.0
9.8
CVSSv3
CVE-2017-18885
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows malicious users to gain privileges by accessing unintended API endpoints on a user's behalf.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
4.3
CVSSv3
CVE-2017-18870
An issue exists in Mattermost Server prior to 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.5.0
7.5
CVSSv3
CVE-2017-18871
An issue exists in Mattermost Server prior to 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows malicious users to cause a denial of service (application crash) via an @ character before a JavaScript field name.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.5.0
5.3
CVSSv3
CVE-2017-18873
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows malicious users to cause a denial of service (channel invisibility) via a misformatted post.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
6.5
CVSSv3
CVE-2017-18874
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
4.9
CVSSv3
CVE-2017-18875
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
4.9
CVSSv3
CVE-2017-18876
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »