Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-18892
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
6.1
CVSSv3
CVE-2017-18893
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
8.1
CVSSv3
CVE-2017-18894
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
5.3
CVSSv3
CVE-2017-18895
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It allows malicious users to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
5.3
CVSSv3
CVE-2017-18896
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It allows malicious users to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
6.1
CVSSv3
CVE-2017-18897
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
5.3
CVSSv3
CVE-2017-18898
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
5.3
CVSSv3
CVE-2017-18899
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
9.8
CVSSv3
CVE-2018-21251
An issue exists in Mattermost Server prior to 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
7.5
CVSSv3
CVE-2023-49607
Mattermost fails to validate the type of the "reminder" body request parameter allowing an malicious user to crash the Playbook Plugin when updating the status dialog.
Mattermost Mattermost Server
Mattermost Mattermost Server 9.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »