Vulnerabilities (CVE)

Filtered by vendor Mattermost Subscribe
Total 323 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18895 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
CVE-2017-18894 1 Mattermost 1 Mattermost Server 2024-11-21 5.5 MEDIUM 8.1 HIGH
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.
CVE-2017-18893 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
CVE-2017-18892 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
CVE-2017-18891 1 Mattermost 1 Mattermost Server 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.
CVE-2017-18890 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
CVE-2017-18889 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
CVE-2017-18888 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
CVE-2017-18887 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
CVE-2017-18886 1 Mattermost 1 Mattermost Server 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
CVE-2017-18885 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
CVE-2017-18884 1 Mattermost 1 Mattermost Server 2024-11-21 5.5 MEDIUM 8.1 HIGH
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
CVE-2017-18883 1 Mattermost 1 Mattermost Server 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
CVE-2017-18882 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
CVE-2017-18881 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
CVE-2017-18880 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.
CVE-2017-18879 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
CVE-2017-18878 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
CVE-2017-18877 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
CVE-2017-18876 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.