Mattermost Server

142 matches found

CVE-2017-18874 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.

CVSS 6.5 | AI score 6.3 | EPSS 0.00716
CVE-2017-18879 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.

CVSS 6.1 | AI score 5.9 | EPSS 0.00359
CVE-2017-18881 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.

CVSS 6.1 | AI score 5.8 | EPSS 0.00359
CVE-2017-18884 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

CVSS 8.1 | AI score 8.1 | EPSS 0.00209
CVE-2017-18893 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.

CVSS 6.1 | AI score 6.2 | EPSS 0.00359
CVE-2017-18895 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.

CVSS 5.3 | AI score 4.9 | EPSS 0.00237
CVE-2017-18918 (added 2020/06/19 8:15 p.m.)

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.

CVSS 4.9 | AI score 5.2 | EPSS 0.00098
CVE-2018-21264 (added 2020/06/19 6:15 p.m.)

An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.

CVSS 8.8 | AI score 8.6 | EPSS 0.00511
CVE-2019-20855 (added 2020/06/19 3:15 p.m.)

An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.

CVSS 7.5 | AI score 7.2 | EPSS 0.00322
CVE-2019-20859 (added 2020/06/19 3:15 p.m.)

An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.

CVSS 7.5 | AI score 7.5 | EPSS 0.00322
CVE-2019-20868 (added 2020/06/19 4:15 p.m.)

An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.

CVSS 7.5 | AI score 7.5 | EPSS 0.00241
CVE-2019-20871 (added 2020/06/19 4:15 p.m.)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.

CVSS 7.5 | AI score 7.5 | EPSS 0.00389
CVE-2019-20879 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.

CVSS 4.3 | AI score 4.6 | EPSS 0.00152
CVE-2019-20880 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.

CVSS 7.5 | AI score 7.3 | EPSS 0.00389
CVE-2020-14453 (added 2020/06/19 2:15 p.m.)

An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.

CVSS 7.5 | AI score 7.3 | EPSS 0.0015
CVE-2016-11067 (added 2020/06/19 8:15 p.m.)

An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.

CVSS 5.3 | AI score 5.1 | EPSS 0.00377
CVE-2017-18878 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.

CVSS 4.3 | AI score 4.6 | EPSS 0.00237
CVE-2017-18882 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.

CVSS 6.1 | AI score 5.9 | EPSS 0.00359
CVE-2017-18887 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.

CVSS 5.3 | AI score 5.2 | EPSS 0.00237
CVE-2017-18889 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.

CVSS 4.3 | AI score 4.6 | EPSS 0.00231
CVE-2017-18904 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.

CVSS 6.1 | AI score 5.9 | EPSS 0.00359
CVE-2019-20845 (added 2020/06/19 2:15 p.m.)

An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.

CVSS 7.5 | AI score 7.2 | EPSS 0.00389
CVE-2019-20863 (added 2020/06/19 3:15 p.m.)

An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.

CVSS 7.5 | AI score 7.5 | EPSS 0.00241
CVE-2019-20866 (added 2020/06/19 4:15 p.m.)

An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.

CVSS 5.3 | AI score 5.2 | EPSS 0.00206
CVE-2019-20872 (added 2020/06/19 4:15 p.m.)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.

CVSS 5.5 | AI score 5.4 | EPSS 0.00051
CVE-2019-20874 (added 2020/06/19 4:15 p.m.)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.

CVSS 7.5 | AI score 7.2 | EPSS 0.00322
CVE-2019-20883 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.

CVSS 4.3 | AI score 4.5 | EPSS 0.00231
CVE-2019-20889 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.

CVSS 5.3 | AI score 5.3 | EPSS 0.00148
CVE-2020-14450 (added 2020/06/19 2:15 p.m.)

An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.

CVSS 7.5 | AI score 7.3 | EPSS 0.00389
CVE-2020-14460 (added 2020/06/19 2:15 p.m.)

An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.

CVSS 6.5 | AI score 6.4 | EPSS 0.00231
CVE-2017-18870 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.

CVSS 4.3 | AI score 4.6 | EPSS 0.00221
CVE-2017-18875 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.

CVSS 4.9 | AI score 5.1 | EPSS 0.00182
CVE-2017-18886 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.

CVSS 8.8 | AI score 8.6 | EPSS 0.00336
CVE-2017-18888 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.

CVSS 9.8 | AI score 9.8 | EPSS 0.00415
CVE-2017-18903 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.

CVSS 8.8 | AI score 8.7 | EPSS 0.00171
CVE-2017-18909 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.

CVSS 7.5 | AI score 7.5 | EPSS 0.00148
CVE-2017-18910 (added 2020/06/19 7:15 p.m.)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.

CVSS 4.3 | AI score 4.6 | EPSS 0.00152
CVE-2018-21248 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.

CVSS 7.5 | AI score 7.6 | EPSS 0.00251
CVE-2018-21249 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.

CVSS 4.3 | AI score 4.3 | EPSS 0.00237
CVE-2018-21255 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.

CVSS 4.3 | AI score 4.5 | EPSS 0.00152
CVE-2018-21262 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.

CVSS 7.5 | AI score 7.3 | EPSS 0.00389
CVE-2019-20841 (added 2020/06/19 2:15 p.m.)

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.

CVSS 8.8 | AI score 8.5 | EPSS 0.00142
CVE-2019-20844 (added 2020/06/19 2:15 p.m.)

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.

CVSS 6.5 | AI score 6.3 | EPSS 0.00131
CVE-2019-20869 (added 2020/06/19 4:15 p.m.)

An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.

CVSS 5.3 | AI score 5.2 | EPSS 0.00241
CVE-2019-20870 (added 2020/06/19 4:15 p.m.)

An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.

CVSS 4.3 | AI score 4.6 | EPSS 0.00231
CVE-2019-20876 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.

CVSS 5.5 | AI score 5.4 | EPSS 0.00351
CVE-2019-20878 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.

CVSS 4.3 | AI score 4.6 | EPSS 0.00226
CVE-2019-20886 (added 2020/06/19 5:15 p.m.)

An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.

CVSS 7.5 | AI score 7.4 | EPSS 0.00195
CVE-2016-11071 (added 2020/06/19 8:15 p.m.)

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.

CVSS 6.1 | AI score 5.9 | EPSS 0.00359
CVE-2017-18872 (added 2020/06/19 6:15 p.m.)

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

CVSS 4.3 | AI score 4.6 | EPSS 0.00152
Total number of security vulnerabilities: 142