Vulnerabilities (CVE)

Filtered by vendor Mattermost Subscribe
Total 320 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20873 1 Mattermost 1 Mattermost Server 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.
CVE-2019-20880 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
CVE-2018-21261 1 Mattermost 1 Mattermost Server 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges.
CVE-2019-20889 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
CVE-2019-20846 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
CVE-2016-11069 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
CVE-2019-20869 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
CVE-2017-18900 1 Mattermost 1 Mattermost Server 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
CVE-2017-18894 1 Mattermost 1 Mattermost Server 2024-02-28 5.5 MEDIUM 8.1 HIGH
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.
CVE-2019-20851 1 Mattermost 1 Mattermost 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
CVE-2020-14459 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.
CVE-2017-18907 1 Mattermost 1 Mattermost Server 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
CVE-2016-11071 1 Mattermost 1 Mattermost Server 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
CVE-2017-18881 1 Mattermost 1 Mattermost Server 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
CVE-2019-20879 1 Mattermost 1 Mattermost Server 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
CVE-2017-18876 1 Mattermost 1 Mattermost Server 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
CVE-2016-11067 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
CVE-2019-20885 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.
CVE-2019-20871 1 Mattermost 1 Mattermost Server 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
CVE-2017-18875 1 Mattermost 1 Mattermost Server 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.