Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Filtered by product Mattermost Server

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3584 1 Mattermost 1 Mattermost Server 2023-07-27 N/A 3.1 LOW
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
CVE-2023-3587 1 Mattermost 1 Mattermost Server 2023-07-27 N/A 2.7 LOW
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
CVE-2023-3613 1 Mattermost 1 Mattermost Server 2023-07-26 N/A 3.5 LOW
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.
CVE-2023-3614 1 Mattermost 1 Mattermost Server 2023-07-26 N/A 3.3 LOW
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.
CVE-2018-21260 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 2.7 LOW
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.
CVE-2016-11077 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 2.7 LOW
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
CVE-2018-21249 1 Mattermost 1 Mattermost Server 2020-06-23 4.3 MEDIUM 3.7 LOW
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.