Filtered by vendor Mattermost
Subscribe
Total
280 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20844 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. | |||||
CVE-2019-20845 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import. | |||||
CVE-2017-18920 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | |||||
CVE-2017-18874 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. | |||||
CVE-2019-20875 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. | |||||
CVE-2019-20867 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post. | |||||
CVE-2017-18911 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | |||||
CVE-2020-14451 | 2 Apple, Mattermost | 2 Iphone Os, Mattermost Mobile | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. | |||||
CVE-2020-14459 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. | |||||
CVE-2019-20890 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. | |||||
CVE-2017-18891 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link. | |||||
CVE-2018-21260 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. | |||||
CVE-2016-11083 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | |||||
CVE-2019-20846 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | |||||
CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | |||||
CVE-2017-18889 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. | |||||
CVE-2017-18910 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | |||||
CVE-2019-20869 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel. | |||||
CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | |||||
CVE-2017-18887 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members. |