Vulmon
mattermost mattermost server vulnerabilities and exploits
CVE-2024-32046
Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and 8.1.x <= 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off, which allows a malicious user to get information about the server such as the full path wer...
CVE-2024-4183
Mattermost versions 8.1.x prior to 8.1.12, 9.6.x prior to 9.6.1, 9.5.x prior to 9.5.3, 9.4.x prior to 9.4.5 fail to limit the number of active sessions, which allows an authenticated malicious user to crash the server via repeated requests to the getSessions API after flooding th...
CVE-2024-29221
Improper Access Control in Mattermost Server versions 9.5.x prior to 9.5.2, 9.4.x prior to 9.4.4, 9.3.x prior to 9.3.3, 8.1.x prior to 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allow...
CVE-2024-28949
Mattermost Server versions 9.5.x prior to 9.5.2, 9.4.x prior to 9.4.4, 9.3.x prior to 9.3.3, 8.1.x prior to 8.1.11 don't limit the number of user preferences, which allows a malicious user to send a large number of user preferences, potentially causing denial of service.
CVE-2024-21848
Improper Access Control in Mattermost Server versions 8.1.x prior to 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel
CVE-2024-2445
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x prior to 8.1.10, 9.2.x prior to 9.2.6, 9.3.x prior to 9.3.2, and 9.4.x prior to 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows a malicious user to perform reflected cros...
CVE-2024-28053
Resource Exhaustion in Mattermost Server versions 8.1.x prior to 8.1.10 fails to limit the size of the payload that can be read and parsed, allowing a malicious user to send a very large email payload and crash the server.
CVE-2024-1953
Mattermost versions 8.1.x prior to 8.1.9, 9.2.x prior to 9.2.5, 9.3.0, and 9.4.x prior to 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated malicious user to cause the server to run out of memory and crash by issuing an unusually large...
CVE-2024-1888
Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the ...
CVE-2024-24988
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing a malicious user to repeatedly send a very long string as an emoji value, causing high resource consumption and possibly crashing the server.