Vulmon
mattermost server vulnerabilities and exploits
5.1
CVSSv2
CVE-2017-18903
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
Mattermost Mattermost Server
4.9
CVSSv2
CVE-2017-18906
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18908
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.
Mattermost Mattermost Server
4.3
CVSSv2
CVE-2017-18909
An issue exists in Mattermost Server prior to 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.
Mattermost Mattermost Server
4
CVSSv2
CVE-2017-18910
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
Mattermost Mattermost Server
6.4
CVSSv2
CVE-2017-18911
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18912
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. It allows a malicious user to specify a full pathname of a log file.
Mattermost Mattermost Server
4.3
CVSSv2
CVE-2017-18913
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
Mattermost Mattermost Server
5
CVSSv2
CVE-2017-18914
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
Mattermost Mattermost Server
7.5
CVSSv2
CVE-2017-18915
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
Mattermost Mattermost Server