Vulmon
mattermost mattermost server vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-49607
Mattermost fails to validate the type of the "reminder" body request parameter, allowing a malicious user to crash the Playbook Plugin when updating the status dialog.
Mattermost Mattermost Server
Mattermost Mattermost Server 9.1.1
7.5
CVSSv3
CVE-2023-5330
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data, allowing a malicious user to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2023-3590
Mattermost fails to delete card attachments in Boards, allowing a malicious user to access deleted attachments.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2023-2514
Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization.
Mattermost Mattermost
7.5
CVSSv3
CVE-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Mattermost Mattermost Server 7.9.0
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2022-0903
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows a malicious user to crash the server by submitting a maliciously crafted POST body.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2021-37866
Mattermost Boards plugin v0.10.0 and previous versions fail to invalidate a session on the server side when a user logs out of Boards, which allows a malicious user to reuse an old session token for authorization.
Mattermost Mattermost Boards
7.5
CVSSv3
CVE-2017-18917
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2015-9548
An issue exists in Mattermost Server prior to 1.2.0. It allows malicious users to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2016-11066
An issue exists in Mattermost Server prior to 3.2.0. The initial_load API disclosed unnecessary personal information.
Mattermost Mattermost Server