Filtered by vendor Mattermost
Subscribe
Total
287 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20884 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. | |||||
CVE-2019-20888 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. | |||||
CVE-2019-20865 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. | |||||
CVE-2017-18888 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts. | |||||
CVE-2019-20886 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. | |||||
CVE-2017-18883 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data. | |||||
CVE-2017-18890 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request. |