Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost server vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-1332
One of the API in Mattermost version 6.4.1 and previous versions fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.
Mattermost Mattermost Server
6.1
CVSSv3
CVE-2023-7113
Mattermost version 8.1.6 and previous versions fails to sanitize channel mention data in posts, which allows an malicious user to inject markup in the web client.
Mattermost Mattermost Server
3.5
CVSSv3
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an malicious user to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.
Mattermost Mattermost Server
5.3
CVSSv3
CVE-2023-46701
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an malicious user to get limited information about a post if they know the post ID
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2023-47858
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
Mattermost Mattermost Server
8.1
CVSSv3
CVE-2023-3581
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2023-3582
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to,
Mattermost Mattermost Server
3.1
CVSSv3
CVE-2023-3584
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2023-3585
Mattermost Boards fail to properly validate a board link, allowing an malicious user to crash a channel by posting a specially crafted boards link.
Mattermost Mattermost Server
5.4
CVSSv3
CVE-2023-3586
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.
Mattermost Mattermost Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »