Vulmon
mattermost server vulnerabilities and exploits
4.3
CVSSv3
CVE-2019-20878
An issue exists in Mattermost Server prior to 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
5.4
CVSSv3
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing a malicious user to invite themselves to a private channel.
Mattermost Mattermost Server 7.7.1
Mattermost Mattermost Server
8.2
CVSSv3
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup, allowing a malicious user to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
Mattermost Mattermost Server
Mattermost Mattermost Server 8.0.0
6.1
CVSSv3
CVE-2017-18891
An issue exists in Mattermost Server prior to 4.2.0, 4.1.1, and 4.0.5. It allows phishing because an error page can have a link.
Mattermost Mattermost Server
Mattermost Mattermost Server 4.2.0
5.3
CVSSv3
CVE-2022-2366
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and previous versions allows a malicious user to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
Mattermost Mattermost Server 6.7.0
Mattermost Mattermost Server
8.8
CVSSv3
CVE-2019-20841
An issue exists in Mattermost Server prior to 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.18.0
7.2
CVSSv3
CVE-2019-20842
An issue exists in Mattermost Server prior to 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.18.0
6.5
CVSSv3
CVE-2019-20844
An issue exists in Mattermost Server prior to 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.18.0
7.5
CVSSv3
CVE-2019-20859
An issue exists in Mattermost Server prior to 5.15.0. Login access control can be bypassed via crafted input.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.9.0
8.8
CVSSv3
CVE-2019-20865
An issue exists in Mattermost Server prior to 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
Mattermost Mattermost Server
Mattermost Mattermost Server 5.12.0