Vulmon
mattermost server vulnerabilities and exploits
668
VMScore
CVE-2017-18908
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.
Mattermost Mattermost Server
356
VMScore
CVE-2017-18910
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
Mattermost Mattermost Server
668
VMScore
CVE-2017-18912
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. It allows a malicious user to specify a full pathname of a log file.
Mattermost Mattermost Server
445
VMScore
CVE-2017-18914
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
Mattermost Mattermost Server
445
VMScore
CVE-2017-18917
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
Mattermost Mattermost Server
445
VMScore
CVE-2017-18919
An issue exists in Mattermost Server prior to 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
Mattermost Mattermost Server
668
VMScore
CVE-2017-18920
An issue exists in Mattermost Server prior to 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
Mattermost Mattermost Server
383
VMScore
CVE-2017-18921
An issue exists in Mattermost Server prior to 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
Mattermost Mattermost Server
NA
CVE-2023-5333
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
Mattermost Mattermost Server
356
VMScore
CVE-2019-20890
An issue exists in Mattermost Server prior to 5.7. It allows a bypass of e-mail address discovery restrictions.
Mattermost Mattermost Server