Filtered by vendor Mattermost
Subscribe
Total
287 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20868 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. | |||||
CVE-2017-18911 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | |||||
CVE-2019-20845 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import. | |||||
CVE-2016-11083 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | |||||
CVE-2019-20852 | 1 Mattermost | 1 Mattermost Mobile | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). | |||||
CVE-2020-13891 | 1 Mattermost | 1 Mattermost | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | |||||
CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | |||||
CVE-2016-11071 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | |||||
CVE-2017-18884 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. | |||||
CVE-2017-18908 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. | |||||
CVE-2019-20866 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled. | |||||
CVE-2019-20874 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. | |||||
CVE-2016-11079 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | |||||
CVE-2019-20863 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. | |||||
CVE-2019-20887 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. | |||||
CVE-2017-18885 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf. | |||||
CVE-2017-18901 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document. | |||||
CVE-2019-20861 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. | |||||
CVE-2017-18882 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. | |||||
CVE-2017-18904 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. |