Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-6458
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an malicious user to perform a client-side path traversal.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18908
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18915
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18920
An issue exists in Mattermost Server prior to 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2016-11074
An issue exists in Mattermost Server prior to 3.0.0. A password-reset link could be reused.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18912
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. It allows an malicious user to specify a full pathname of a log file.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18885
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows malicious users to gain privileges by accessing unintended API endpoints on a user's behalf.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
9.8
CVSSv3
CVE-2017-18888
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
9.8
CVSSv3
CVE-2017-18900
An issue exists in Mattermost Server prior to 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2018-21251
An issue exists in Mattermost Server prior to 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »