Vulmon
mattermost mattermost vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-6458
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing a malicious user to perform a client-side path traversal.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2020-26276
Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by a malicious user to modify the trusted document. This can result in allowing unverified logins from a SAML IdP...
Fleetdm Fleet
9.8
CVSSv3
CVE-2017-18920
An issue exists in Mattermost Server prior to 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18915
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2016-11074
An issue exists in Mattermost Server prior to 3.0.0. A password-reset link could be reused.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18908
An issue exists in Mattermost Server prior to 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2016-11064
An issue exists in Mattermost Desktop App prior to 3.4.0. Strings could be executed as code via injection.
Mattermost Mattermost Desktop
9.8
CVSSv3
CVE-2017-18912
An issue exists in Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. It allows a malicious user to specify a full pathname of a log file.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18900
An issue exists in Mattermost Server prior to 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
Mattermost Mattermost Server
9.8
CVSSv3
CVE-2017-18888
An issue exists in Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.3.0