Mattermost Security Vulnerabilities


CVE-2020-14448

An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2020-06-19 02:15 PM
18

CVE-2020-14455

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka...

6.5 CVSS

6.5 AI Score

0.002 EPSS

2020-06-19 02:15 PM
17

CVE-2020-14450

An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2020-06-19 02:15 PM
20

CVE-2020-14451

An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka...

7.5 CVSS

7.1 AI Score

0.002 EPSS

2020-06-19 02:15 PM
16

CVE-2020-14457

An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-06-19 02:15 PM
21

CVE-2020-14447

An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2020-06-19 02:15 PM
17

CVE-2019-20847

An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-06-19 02:15 PM
17

CVE-2019-20848

An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2020-06-19 02:15 PM
20

CVE-2019-20841

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2020-06-19 02:15 PM
19
4

CVE-2019-20843

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2020-06-19 02:15 PM
24

CVE-2019-20849

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-06-19 02:15 PM
16

CVE-2019-20844

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2020-06-19 02:15 PM
19

CVE-2019-20842

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2020-06-19 02:15 PM
21

CVE-2019-20846

An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2020-06-19 02:15 PM
17

CVE-2019-20845

An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2020-06-19 02:15 PM
20

CVE-2019-20850

An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-06-19 02:15 PM
18
Total number of security vulnerabilities: 316