Vulmon
mattermost server vulnerabilities and exploits
Score: NA
CVE-2023-1421
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows a malicious user to send AJAX requests on behalf of the victim by sharing a crafted link with a malicious state parameter.
Mattermost Mattermost Server
Score: NA
CVE-2024-24776
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
Mattermost Mattermost Server
Score: NA
CVE-2023-45847
Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing a malicious user to send a specially crafted request and crash the Playbooks plugin.
Mattermost Mattermost Server
CVSSv2: 4
CVE-2022-1332
One of the APIs in Mattermost version 6.4.1 and previous versions fails to properly protect permissions, which allows authenticated members with a restricted custom admin role to bypass the restrictions and view the server logs and the contents of the server config.json file.
Mattermost Mattermost Server
CVSSv2: 4
CVE-2022-1337
The image proxy component in Mattermost version 6.4.1 and previous versions allocates memory for multiple copies of a proxied image, which allows an authenticated malicious user to crash the server via links to very large image files.
Mattermost Mattermost Server
CVSSv2: 6
CVE-2022-1384
Mattermost version 6.4.x and previous versions fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and authorized user to install and exploit an old plugin version from the Marketplace which might have known...
Mattermost Mattermost Server
CVSSv2: 5.8
CVE-2022-1385
Mattermost 6.4.x and previous versions fail to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
Mattermost Mattermost Server
Score: NA
CVE-2023-49809
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.
Mattermost Mattermost Server
Score: NA
CVE-2023-49874
Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run, allowing a guest to update the tasks of a private playbook run if they know the run ID.
Mattermost Mattermost Server
CVSSv2: 3.5
CVE-2021-37863
Mattermost 6.0 and previous versions fail to sufficiently validate parameters during post creation, which allows authenticated malicious users to cause a client-side crash of the web application via a maliciously crafted post.
Mattermost Mattermost Server