Vulmon
mattermost server vulnerabilities and exploits
383
VMScore
CVE-2017-18890
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows a malicious user to create a button that, when pressed by a user, launches an API request.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
383
VMScore
CVE-2017-18892
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
383
VMScore
CVE-2017-18893
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
445
VMScore
CVE-2017-18895
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It allows malicious users to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
516
VMScore
CVE-2017-18897
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
445
VMScore
CVE-2017-18899
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
668
VMScore
CVE-2018-21251
An issue exists in Mattermost Server prior to 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
356
VMScore
CVE-2018-21252
An issue exists in Mattermost Server prior to 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
356
VMScore
CVE-2018-21253
An issue exists in Mattermost Server prior to 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.1.0
578
VMScore
CVE-2018-21263
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0