Vulmon
mattermost server vulnerabilities and exploits
356
VMScore
CVE-2019-20879
An issue exists in Mattermost Server prior to 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.8.0
445
VMScore
CVE-2019-20880
An issue exists in Mattermost Server prior to 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows malicious users to cause a denial of service (memory consumption) via OpenGraph.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.8.0
445
VMScore
CVE-2019-20888
An issue exists in Mattermost Server prior to 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows malicious users to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.7.0
445
VMScore
CVE-2019-20889
An issue exists in Mattermost Server prior to 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.7.0
445
VMScore
CVE-2022-2366
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and previous versions allows a malicious user to bypass some of the rate limitations in place or use manipulated IPs for audit logging by manipulating the request headers.
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
356
VMScore
CVE-2019-20873
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows malicious users to obtain sensitive information during user activation/deactivation.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
NA
CVE-2024-1402
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seein...
Mattermost Mattermost Server
NA
CVE-2023-46701
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing a malicious user to get limited information about a post if they know the post ID.
Mattermost Mattermost Server
NA
CVE-2023-1421
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows a malicious user to send AJAX requests on behalf of the victim by sharing a crafted link with a malicious state parameter.
Mattermost Mattermost Server
NA
CVE-2022-3147
Mattermost version 7.0.x and previous versions fail to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.
Mattermost Mattermost Server