Filtered by vendor Mattermost
Subscribe
Total
287 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.1 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | |||||
CVE-2017-18875 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. | |||||
CVE-2018-21256 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. | |||||
CVE-2019-20876 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. | |||||
CVE-2020-14457 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012. | |||||
CVE-2019-20864 | 1 Mattermost | 1 Mattermost Plugins | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account. | |||||
CVE-2016-11078 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | |||||
CVE-2018-21252 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. | |||||
CVE-2017-18891 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link. | |||||
CVE-2016-11067 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | |||||
CVE-2019-20877 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled. | |||||
CVE-2019-20860 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. | |||||
CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | |||||
CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | |||||
CVE-2019-20890 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. | |||||
CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | |||||
CVE-2019-20867 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post. | |||||
CVE-2019-20850 | 1 Mattermost | 1 Mattermost Mobile | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. | |||||
CVE-2018-21249 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. | |||||
CVE-2019-20873 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. |