Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mattermost mattermost vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-40703
Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a malicious user to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially crafted string.
Mattermost Mattermost
Mattermost Mattermost 9.1.0
7.5
CVSSv3
CVE-2023-48268
Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an malicious user to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially crafted zip (zip bomb)...
Mattermost Mattermost
Mattermost Mattermost 9.1.0
4.9
CVSSv3
CVE-2023-5968
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.
Mattermost Mattermost
Mattermost Mattermost 9.0.0
6.5
CVSSv3
CVE-2023-2831
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an malicious user to cause a Denial of Service by sending a message containing a large number of escaped characters.
Mattermost Mattermost
Mattermost Mattermost 7.10.0
4.3
CVSSv3
CVE-2023-43754
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting...
Mattermost Mattermost
Mattermost Mattermost 9.1.0
5.3
CVSSv3
CVE-2023-5969
Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.
Mattermost Mattermost
Mattermost Mattermost 9.0.0
5.4
CVSSv3
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an malicious user to invite themselves to a private channel.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
6.5
CVSSv3
CVE-2023-1775
When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
5.4
CVSSv3
CVE-2023-1776
Boards in Mattermost allows an malicious user to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
7.5
CVSSv3
CVE-2023-49607
Mattermost fails to validate the type of the "reminder" body request parameter allowing an malicious user to crash the Playbook Plugin when updating the status dialog.
Mattermost Mattermost Server
Mattermost Mattermost Server 9.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »