Vulnerabilities (CVE)

Filtered by vendor Mattermost
Total 320 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2017-18892 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
CVE-2017-18895 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
CVE-2019-20878 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.
CVE-2019-20844 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
CVE-2019-20872 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVE-2019-20868 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
CVE-2018-21252 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
CVE-2019-20886 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
CVE-2019-20857 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVE-2017-18872 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 3.5 LOW | 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
CVE-2019-20884 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.
CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
CVE-2019-20862 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
CVE-2018-21257 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.
CVE-2018-21251 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.1 MEDIUM | 8.8 HIGH
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
CVE-2020-14448 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.
CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
CVE-2019-20882 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
CVE-2019-20874 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.