Filtered by vendor Mattermost
Subscribe
Total
280 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20883 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post. | |||||
CVE-2020-14457 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012. | |||||
CVE-2019-20880 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph. | |||||
CVE-2017-18917 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. | |||||
CVE-2019-20868 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. | |||||
CVE-2017-18875 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. | |||||
CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | |||||
CVE-2017-18905 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | |||||
CVE-2016-11063 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | |||||
CVE-2017-18913 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. | |||||
CVE-2019-20888 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. | |||||
CVE-2019-20861 | 1 Mattermost | 1 Mattermost Desktop | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | |||||
CVE-2016-11082 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | |||||
CVE-2019-20881 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. | |||||
CVE-2016-11074 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | |||||
CVE-2017-18870 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 3.5 LOW | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. | |||||
CVE-2019-20877 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled. | |||||
CVE-2019-20878 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled. | |||||
CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | |||||
CVE-2018-21249 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. |