mattermost server vulnerabilities and exploits
NA
CVE-2023-6458
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing a malicious user to perform a client-side path traversal.
Mattermost Mattermost Server
NA
CVE-2023-6459
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.
Mattermost Mattermost Server
NA
CVE-2023-2515
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin.
Mattermost Mattermost Server
NA
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF, allowing a malicious user to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.
Mattermost Mattermost Server
NA
CVE-2023-6547
Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, g...
Mattermost Mattermost Server
445
VMScore
CVE-2019-20845
An issue exists in Mattermost Server prior to 5.18.0. It allows malicious users to cause a denial of service (memory consumption) via a large Slack import.
Mattermost Mattermost Server
445
VMScore
CVE-2019-20847
An issue exists in Mattermost Server prior to 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
Mattermost Mattermost Server
445
VMScore
CVE-2019-20862
An issue exists in Mattermost Server prior to 5.13.0. Non-members may fetch a team's slash commands.
Mattermost Mattermost Server
445
VMScore
CVE-2019-20863
An issue exists in Mattermost Server prior to 5.13.0. Incoming webhook creation is not properly restricted.
Mattermost Mattermost Server
445
VMScore
CVE-2019-20866
An issue exists in Mattermost Server prior to 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.
Mattermost Mattermost Server