Filtered by vendor Mattermost
Subscribe
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20853 | 1 Mattermost | 1 Mattermost Packages | 2020-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem. | |||||
| CVE-2017-18873 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. | |||||
| CVE-2017-18874 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. | |||||
| CVE-2018-21250 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. | |||||
| CVE-2019-20866 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled. | |||||
| CVE-2019-20848 | 1 Mattermost | 1 Mattermost Mobile | 2020-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. | |||||
| CVE-2019-20860 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. | |||||
| CVE-2017-18906 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.9 MEDIUM | 8.1 HIGH |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account. | |||||
| CVE-2017-18870 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case. | |||||
| CVE-2017-18891 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link. | |||||
| CVE-2017-18876 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. | |||||
| CVE-2017-18875 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. | |||||
| CVE-2017-18890 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request. | |||||
| CVE-2018-21253 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. | |||||
| CVE-2018-21251 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. | |||||
| CVE-2017-18886 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. | |||||
| CVE-2017-18889 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. | |||||
| CVE-2017-18880 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. | |||||
| CVE-2017-18879 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. | |||||
| CVE-2017-18885 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf. | |||||