Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost server vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-2401
Unrestricted information disclosure of all users in Mattermost version 6.7.0 and previous versions allows team members to access some sensitive information by directly accessing the APIs.
Mattermost Mattermost Server 6.6.0
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
Mattermost Mattermost Server 6.6.1
6.5
CVSSv3
CVE-2022-1982
Uncontrolled resource consumption in Mattermost version 6.6.0 and previous versions allows an authenticated malicious user to crash the server via a crafted SVG attachment on a post.
Mattermost Mattermost Server 6.6.0
Mattermost Mattermost Server 6.5.0
Mattermost Mattermost Server
5.3
CVSSv3
CVE-2023-1777
Mattermost allows an malicious user to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
Mattermost Mattermost Server 7.8.0
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2023-49607
Mattermost fails to validate the type of the "reminder" body request parameter allowing an malicious user to crash the Playbook Plugin when updating the status dialog.
Mattermost Mattermost Server
Mattermost Mattermost Server 9.1.1
5.3
CVSSv3
CVE-2022-2366
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and previous versions allows malicious user to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
6.5
CVSSv3
CVE-2020-14460
An issue exists in Mattermost Server prior to 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.19.0
7.5
CVSSv3
CVE-2017-18871
An issue exists in Mattermost Server prior to 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows malicious users to cause a denial of service (application crash) via an @ character before a JavaScript field name.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.5.0
5.3
CVSSv3
CVE-2017-18873
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows malicious users to cause a denial of service (channel invisibility) via a misformatted post.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
6.5
CVSSv3
CVE-2017-18874
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
4.3
CVSSv3
CVE-2017-18878
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »