Total: 206 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH | An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. |
CVE-2019-20881 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 7.5 HIGH | 7.3 HIGH | An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. |
CVE-2019-20867 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post. |
CVE-2017-18880 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. |
CVE-2017-18910 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. |
CVE-2019-20875 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. |