Vulnerabilities (CVE)

Filtered by vendor Mattermost
CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS v2 (score, severity) | CVSS v3 (score, severity)
CVE-2017-18894 1 Mattermost 1 Mattermost Server 2020-06-26 5.5 MEDIUM 8.1 HIGH
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes, resource-owner authorization is bypassed, allowing account takeover.
CVE-2017-18892 1 Mattermost 1 Mattermost Server 2020-06-26 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
CVE-2017-18911 1 Mattermost 1 Mattermost Server 2020-06-26 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
CVE-2017-18915 1 Mattermost 1 Mattermost Server 2020-06-25 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
CVE-2017-18919 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
CVE-2017-18916 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
CVE-2017-18914 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
CVE-2015-9548 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
CVE-2017-18893 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
CVE-2017-18902 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
CVE-2018-21263 1 Mattermost 1 Mattermost Server 2020-06-25 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
CVE-2018-21260 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 2.7 LOW
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.
CVE-2017-18908 1 Mattermost 1 Mattermost Server 2020-06-25 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address.
CVE-2020-14456 1 Mattermost 1 Mattermost Desktop 2020-06-25 7.5 HIGH 7.3 HIGH
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.
CVE-2020-14455 1 Mattermost 1 Mattermost Desktop 2020-06-25 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.
CVE-2020-14454 1 Mattermost 1 Mattermost Desktop 2020-06-25 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
CVE-2019-20847 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
CVE-2016-11075 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
CVE-2016-11077 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 2.7 LOW
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
CVE-2016-11078 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
CVE-2016-11079 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVE-2016-11080 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVE-2016-11082 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
CVE-2016-11081 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVE-2016-11083 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
CVE-2017-18905 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled.
CVE-2016-11071 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
CVE-2017-18903 1 Mattermost 1 Mattermost Server 2020-06-25 5.1 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
CVE-2017-18904 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.
CVE-2017-18910 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
CVE-2017-18909 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.
CVE-2016-11063 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
CVE-2016-11070 1 Mattermost 1 Mattermost Server 2020-06-25 3.5 LOW 5.4 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
CVE-2016-11073 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
CVE-2016-11067 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
CVE-2017-18877 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
CVE-2016-11068 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
CVE-2017-18907 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
CVE-2017-18913 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
CVE-2017-18921 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
CVE-2018-21248 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
CVE-2016-11066 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
CVE-2018-21249 1 Mattermost 1 Mattermost Server 2020-06-23 4.3 MEDIUM 3.7 LOW
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.
CVE-2018-21258 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.
CVE-2016-11084 1 Mattermost 1 Mattermost Server 2020-06-23 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
CVE-2017-18918 1 Mattermost 1 Mattermost Server 2020-06-23 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
CVE-2017-18917 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
CVE-2017-18920 1 Mattermost 1 Mattermost Server 2020-06-23 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
CVE-2016-11076 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVE-2019-20854 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.