Vulnerabilities (CVE)

Filtered by vendor Mattermost Subscribe
Total 323 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18875 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.
CVE-2017-18874 1 Mattermost 1 Mattermost Server 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
CVE-2017-18873 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
CVE-2017-18872 1 Mattermost 1 Mattermost Server 2024-11-21 3.5 LOW 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
CVE-2017-18871 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.
CVE-2017-18870 1 Mattermost 1 Mattermost Server 2024-11-21 3.5 LOW 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
CVE-2016-11084 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
CVE-2016-11083 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
CVE-2016-11082 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
CVE-2016-11081 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVE-2016-11080 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVE-2016-11079 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVE-2016-11078 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
CVE-2016-11077 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 2.7 LOW
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
CVE-2016-11076 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVE-2016-11075 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
CVE-2016-11074 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVE-2016-11073 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
CVE-2016-11072 1 Mattermost 1 Mattermost Server 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
CVE-2016-11071 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.