Mattermost Server@3.10.0 Security Vulnerabilities and Issues — Mattermost Server@3.10.0 CVE List

Lucene search

MattermostMattermost Server3.10.0

6 matches found

CVE•added 2020/06/19 8:15 p.m.•41 views

CVE-2017-18907

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.

6.1CVSS5.8AI score0.00359EPSS

CVE•added 2020/06/19 8:15 p.m.•38 views

CVE-2017-18905

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.

5.3CVSS5.3AI score0.00195EPSS

CVE•added 2020/06/19 8:15 p.m.•35 views

CVE-2017-18906

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.

8.1CVSS8AI score0.00209EPSS

CVE•added 2020/06/19 8:15 p.m.•35 views

CVE-2017-18908

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.

9.8CVSS9.3AI score0.00408EPSS

CVE•added 2020/06/19 7:15 p.m.•33 views

CVE-2017-18904

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.

6.1CVSS5.9AI score0.00359EPSS

CVE•added 2020/06/19 7:15 p.m.•31 views

CVE-2017-18903

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.

8.8CVSS8.7AI score0.00171EPSS