Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 133 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18902 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
CVE-2020-14455 1 Mattermost 1 Mattermost Desktop 2020-06-25 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.
CVE-2020-14454 1 Mattermost 1 Mattermost Desktop 2020-06-25 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
CVE-2019-20847 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
CVE-2016-11075 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
CVE-2016-11078 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
CVE-2016-11079 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVE-2016-11080 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVE-2016-11083 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
CVE-2016-11081 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVE-2016-11082 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
CVE-2017-18905 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
CVE-2016-11071 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
CVE-2017-18904 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.
CVE-2017-18910 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
CVE-2016-11063 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
CVE-2016-11070 1 Mattermost 1 Mattermost Server 2020-06-25 3.5 LOW 5.4 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
CVE-2016-11073 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
CVE-2016-11067 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
CVE-2017-18877 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
CVE-2016-11068 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
CVE-2017-18907 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
CVE-2017-18913 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
CVE-2017-18921 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
CVE-2016-11084 1 Mattermost 1 Mattermost Server 2020-06-23 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
CVE-2017-18918 1 Mattermost 1 Mattermost Server 2020-06-23 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
CVE-2016-11076 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVE-2019-20870 1 Mattermost 1 Mattermost Server 2020-06-23 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVE-2019-20872 1 Mattermost 1 Mattermost Server 2020-06-23 2.1 LOW 5.5 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVE-2019-20889 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
CVE-2019-20882 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
CVE-2019-20844 1 Mattermost 1 Mattermost Server 2020-06-19 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
CVE-2020-14452 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.