Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-18879
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
6.5
CVSSv2
CVE-2017-18886
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
5.8
CVSSv2
CVE-2017-18891
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
4.3
CVSSv2
CVE-2017-18893
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
NA
CVE-2023-49607
Mattermost fails to validate the type of the "reminder" body request parameter allowing an malicious user to crash the Playbook Plugin when updating the status dialog.
Mattermost Mattermost Server
Mattermost Mattermost Server 9.1.1
7.5
CVSSv2
CVE-2018-21251
An issue exists in Mattermost Server prior to 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
4
CVSSv2
CVE-2018-21253
An issue exists in Mattermost Server prior to 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.1.0
6.5
CVSSv2
CVE-2018-21264
An issue exists in Mattermost Server prior to 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.7.0
NA
CVE-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Mattermost Mattermost Server 7.9.0
Mattermost Mattermost Server
4.3
CVSSv2
CVE-2021-37859
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.
Mattermost Mattermost
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »