Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2017-18876
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0
7.5
CVSSv3
CVE-2023-1831
Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config).
Mattermost Mattermost Server 7.9.0
Mattermost Mattermost Server
8.2
CVSSv3
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an malicious user to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
Mattermost Mattermost Server
Mattermost Mattermost Server 8.0.0
8.8
CVSSv3
CVE-2019-20841
An issue exists in Mattermost Server prior to 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.18.0
7.5
CVSSv3
CVE-2019-20859
An issue exists in Mattermost Server prior to 5.15.0. Login access control can be bypassed via crafted input.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
7.5
CVSSv3
CVE-2019-20874
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows malicious users to obtain sensitive information during a role change.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
5.4
CVSSv3
CVE-2019-20876
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
4.3
CVSSv3
CVE-2019-20879
An issue exists in Mattermost Server prior to 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.8.0
7.5
CVSSv3
CVE-2019-20880
An issue exists in Mattermost Server prior to 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows malicious users to cause a denial of service (memory consumption) via OpenGraph.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.8.0
5.3
CVSSv3
CVE-2019-20889
An issue exists in Mattermost Server prior to 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »