mattermost server vulnerabilities and exploits
CVE-2023-3587 (CVSSv3 2.7) - Mattermost Mattermost Server
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state so that any user with a valid sharing link can join the board with editor access, without the UI showing the updated permissions.

CVE-2023-3590 (CVSSv3 7.5) - Mattermost Mattermost Server
Mattermost fails to delete card attachments in Boards, allowing a malicious user to access deleted attachments.

CVE-2023-3591 (CVSSv3 8.2) - Mattermost Mattermost Server
Mattermost fails to invalidate previously generated password reset tokens when a new reset token is created.

CVE-2023-3593 (CVSSv3 6.5) - Mattermost Mattermost Server
Mattermost fails to properly validate markdown, allowing a malicious user to crash the server via a specially crafted markdown input.

CVE-2023-7113 (CVSSv3 6.1) - Mattermost Mattermost Server
Mattermost version 8.1.6 and previous versions fail to sanitize channel mention data in posts, which allows a malicious user to inject markup in the web client.

CVE-2023-45847 (CVSSv3 7.5) - Mattermost Mattermost Server
Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing a malicious user to send a specially crafted request and crash the Playbooks plugin.

CVE-2023-45316 (CVSSv3 8.8) - Mattermost Mattermost Server
Mattermost fails to validate whether a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing a malicious user to use a path traversal payload that points to a different endpoint, leading to a CSRF attack.

CVE-2024-24774 (CVSSv3 4.1) - Mattermost Mattermost Server
The Mattermost Jira Plugin's subscription handling fails to check the security level of an incoming issue or to limit it based on the user who created the subscription, resulting in registered Jira users being able to create webhooks that give them access to all Jira issues.

CVE-2024-24776 (CVSSv3 4.3) - Mattermost Mattermost Server
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API, resulting in channel member counts being leaked to a user without permissions.

CVE-2023-3613 (CVSSv3 3.5) - Mattermost Mattermost Server
The Mattermost WelcomeBot plugin fails to validate the membership status when inviting or adding users to channels, allowing guest accounts to be added or invited to channels by default.