Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-2366
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and previous versions allows malicious user to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
NA
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an malicious user to invite themselves to a private channel.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
NA
CVE-2023-1775
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
NA
CVE-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Mattermost Mattermost Server 7.9.0
Mattermost Mattermost Server
356
VMScore
CVE-2020-14460
An issue exists in Mattermost Server prior to 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.19.0
578
VMScore
CVE-2018-21264
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0
NA
CVE-2023-49607
Mattermost fails to validate the type of the "reminder" body request parameter allowing an malicious user to crash the Playbook Plugin when updating the status dialog.
Mattermost Mattermost Server
Mattermost Mattermost Server 9.1.1
668
VMScore
CVE-2018-21251
An issue exists in Mattermost Server prior to 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
356
VMScore
CVE-2018-21252
An issue exists in Mattermost Server prior to 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
356
VMScore
CVE-2018-21253
An issue exists in Mattermost Server prior to 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »