Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost vulnerabilities and exploits
(subscribe to this query)
2.7
CVSSv3
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
Mattermost Mattermost
8.2
CVSSv3
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an malicious user to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
Mattermost Mattermost Server
Mattermost Mattermost Server 8.0.0
4.3
CVSSv3
CVE-2023-4105
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message
Mattermost Mattermost
6.5
CVSSv3
CVE-2023-4106
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.
Mattermost Mattermost
6.5
CVSSv3
CVE-2023-4107
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
Mattermost Mattermost
7.5
CVSSv3
CVE-2023-4108
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged
Mattermost Mattermost
4.3
CVSSv3
CVE-2023-3577
Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an malicious user to perform a limited blind SSRF.
Mattermost Mattermost Server
8.1
CVSSv3
CVE-2023-3581
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
Mattermost Mattermost Server
4.3
CVSSv3
CVE-2023-3582
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to,
Mattermost Mattermost Server
3.1
CVSSv3
CVE-2023-3584
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
Mattermost Mattermost Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »