Vulnerabilities (CVE)

Filtered by vendor Mattermost Subscribe
Total 323 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-21261 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges.
CVE-2018-21260 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 2.7 LOW
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.
CVE-2018-21259 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel.
CVE-2018-21258 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.
CVE-2018-21257 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.
CVE-2018-21256 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
CVE-2018-21255 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.
CVE-2018-21254 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.
CVE-2018-21253 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
CVE-2018-21252 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
CVE-2018-21251 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
CVE-2018-21250 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.
CVE-2018-21249 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 3.7 LOW
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.
CVE-2018-21248 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
CVE-2017-18921 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
CVE-2017-18920 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
CVE-2017-18919 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
CVE-2017-18918 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
CVE-2017-18917 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
CVE-2017-18916 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.