Mattermost Server Security Vulnerabilities
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
7.5CVSS
7.2AI Score
0.002EPSS
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
7.5CVSS
7.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
7.5CVSS
7.5AI Score
0.002EPSS
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.
5.5CVSS
5.4AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
7.5CVSS
7.4AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
8.8CVSS
8.6AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.
5.3CVSS
5.2AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
5.3CVSS
5.2AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
5.3CVSS
5.2AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
4.3CVSS
4.6AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
5.5CVSS
5.4AI Score
0.0004EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.
6.5CVSS
6.2AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.
7.5CVSS
7.2AI Score
0.002EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
5.3CVSS
5.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.
5.4CVSS
5.4AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.
5.3CVSS
5AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.
4.3CVSS
4.6AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
4.3CVSS
4.6AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
7.5CVSS
7.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.
7.3CVSS
7.1AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
5.3CVSS
5.2AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.
4.3CVSS
4.5AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.
5.3CVSS
5.2AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.
7.5CVSS
7.4AI Score
0.002EPSS
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
7.5CVSS
7.4AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.
4.3CVSS
4.6AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
5.3CVSS
5.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.
4.3CVSS
4.6AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.
7.5CVSS
7.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.
7.5CVSS
7.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.
7.5CVSS
7.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.
5.3CVSS
5.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.
7.5CVSS
7.3AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.
5.3CVSS
5.2AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.
7.5CVSS
7.5AI Score
0.002EPSS
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.
7.5CVSS
7.4AI Score
0.001EPSS
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
6.5CVSS
6.4AI Score
0.001EPSS
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.
5.4CVSS
5.4AI Score
0.001EPSS
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.
5.7CVSS
5.3AI Score
0.001EPSS
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.
7.5CVSS
7.5AI Score
0.001EPSS
A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.
6.5CVSS
6AI Score
0.001EPSS
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.
4.3CVSS
4.4AI Score
0.001EPSS
The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.
6.5CVSS
6.2AI Score
0.001EPSS
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
8.8CVSS
8.5AI Score
0.001EPSS
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
4.6CVSS
4.4AI Score
0.001EPSS