Vulnerabilities (CVE)

Filtered by vendor: Mattermost
Total: 320 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-14453 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. |
| CVE-2017-18917 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. |
| CVE-2016-11077 | Mattermost | Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW | An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. |
| CVE-2017-18889 | Mattermost | Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. |
| CVE-2019-20870 | Mattermost | Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID. |
| CVE-2019-20842 | Mattermost | Mattermost Server | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. |
| CVE-2019-20856 | Apple, Mattermost | Macos, Mattermost Desktop | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. |
| CVE-2017-18879 | Mattermost | Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. |
| CVE-2017-18918 | Mattermost | Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM | An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. |
| CVE-2019-20843 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. |
| CVE-2016-11062 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. |
| CVE-2018-21250 | Mattermost | Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM | An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. |
| CVE-2017-18905 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2: when used as an OAuth 2.0 service provider, session invalidation was mishandled. |
| CVE-2019-20860 | Mattermost | Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM | An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. |
| CVE-2018-21262 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. |
| CVE-2018-21254 | Mattermost | Mattermost Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. |
| CVE-2017-18901 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document. |
| CVE-2019-20850 | Mattermost | Mattermost Mobile | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. |
| CVE-2016-11084 | Mattermost | Mattermost Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. |
| CVE-2017-18914 | Mattermost | Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. |