Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Total 194 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18921 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
CVE-2018-21248 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
CVE-2016-11066 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
CVE-2018-21249 1 Mattermost 1 Mattermost Server 2020-06-23 4.3 MEDIUM 3.7 LOW
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.
CVE-2018-21258 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.
CVE-2016-11084 1 Mattermost 1 Mattermost Server 2020-06-23 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
CVE-2017-18918 1 Mattermost 1 Mattermost Server 2020-06-23 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
CVE-2017-18917 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
CVE-2017-18920 1 Mattermost 1 Mattermost Server 2020-06-23 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
CVE-2016-11076 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVE-2019-20854 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVE-2019-20862 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
CVE-2019-20868 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
CVE-2019-20870 1 Mattermost 1 Mattermost Server 2020-06-23 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVE-2019-20871 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
CVE-2019-20872 1 Mattermost 1 Mattermost Server 2020-06-23 2.1 LOW 5.5 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVE-2019-20889 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
CVE-2019-20886 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
CVE-2019-20882 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
CVE-2019-20857 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.