Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Filtered by product Mattermost Server
Total 198 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20843 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
CVE-2019-20871 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
CVE-2016-11081 1 Mattermost 1 Mattermost Server 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVE-2017-18886 1 Mattermost 1 Mattermost Server 2024-02-04 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
CVE-2019-20885 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.
CVE-2019-20857 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVE-2020-14460 1 Mattermost 1 Mattermost Server 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
CVE-2017-18914 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
CVE-2019-20872 1 Mattermost 1 Mattermost Server 2024-02-04 2.1 LOW 5.5 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVE-2019-20858 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVE-2016-11075 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
CVE-2018-21259 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel.
CVE-2018-21263 1 Mattermost 1 Mattermost Server 2024-02-04 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
CVE-2016-11062 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
CVE-2019-20842 1 Mattermost 1 Mattermost Server 2024-02-04 6.5 MEDIUM 7.2 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.
CVE-2017-18879 1 Mattermost 1 Mattermost Server 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
CVE-2016-11074 1 Mattermost 1 Mattermost Server 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVE-2019-20880 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
CVE-2017-18906 1 Mattermost 1 Mattermost Server 2024-02-04 4.9 MEDIUM 8.1 HIGH
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
CVE-2020-14447 1 Mattermost 1 Mattermost Server 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.