mattermost server vulnerabilities and exploits
NA
CVE-2023-3577
Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow a malicious user to perform a limited blind SSRF.
Mattermost Mattermost Server
NA
CVE-2023-3581
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
Mattermost Mattermost Server
NA
CVE-2023-3582
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to,
Mattermost Mattermost Server
NA
CVE-2023-3584
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
Mattermost Mattermost Server
NA
CVE-2023-3586
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously shared public Boards remaining accessible.
Mattermost Mattermost Server
NA
CVE-2023-3587
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
Mattermost Mattermost Server
NA
CVE-2023-3591
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
Mattermost Mattermost Server
NA
CVE-2023-3593
Mattermost fails to properly validate markdown, allowing a malicious user to crash the server via a specially crafted markdown input.
Mattermost Mattermost Server
5
CVSSv2
CVE-2022-0903
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows a malicious user to crash the server via submitting a maliciously crafted POST body.
Mattermost Mattermost Server
NA
CVE-2023-2515
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin
Mattermost Mattermost Server