Mattermost Server@4.3.0 Security Vulnerabilities and Issues — Mattermost Server@4.3.0 CVE List

Lucene search

MattermostMattermost Server4.3.0

18 matches found

CVE•added 2020/06/19 7:15 p.m.•51 views

CVE-2017-18885

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.

9.8CVSS9.5AI score0.00408EPSS

CVE•added 2020/06/19 7:15 p.m.•38 views

CVE-2017-18880

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.

6.1CVSS5.9AI score0.00359EPSS

CVE•added 2020/06/19 7:15 p.m.•38 views

CVE-2017-18883

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.

9.1CVSS9.2AI score0.00313EPSS

CVE•added 2020/06/19 7:15 p.m.•34 views

CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.

4.3CVSS4.5AI score0.00255EPSS

CVE•added 2020/06/19 5:15 p.m.•33 views

CVE-2017-18876

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.

4.9CVSS5.1AI score0.00258EPSS

CVE•added 2020/06/19 7:15 p.m.•32 views

CVE-2017-18874

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.

6.5CVSS6.3AI score0.00716EPSS

CVE•added 2020/06/19 7:15 p.m.•32 views

CVE-2017-18879

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.

6.1CVSS5.9AI score0.00359EPSS

CVE•added 2020/06/19 7:15 p.m.•32 views

CVE-2017-18881

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.

6.1CVSS5.8AI score0.00359EPSS

CVE•added 2020/06/19 7:15 p.m.•32 views

CVE-2017-18884

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

8.1CVSS8.1AI score0.00209EPSS

CVE•added 2020/06/19 7:15 p.m.•31 views

CVE-2017-18878

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.

4.3CVSS4.6AI score0.00237EPSS

CVE•added 2020/06/19 7:15 p.m.•31 views

CVE-2017-18882

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.

6.1CVSS5.9AI score0.00359EPSS

CVE•added 2020/06/19 7:15 p.m.•31 views

CVE-2017-18887

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.

5.3CVSS5.2AI score0.00237EPSS

CVE•added 2020/06/19 7:15 p.m.•31 views

CVE-2017-18889

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.

4.3CVSS4.6AI score0.00231EPSS

CVE•added 2020/06/19 5:15 p.m.•30 views

CVE-2017-18875

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.

4.9CVSS5.1AI score0.00182EPSS

CVE•added 2020/06/19 7:15 p.m.•30 views

CVE-2017-18886

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.

8.8CVSS8.6AI score0.00336EPSS

CVE•added 2020/06/19 7:15 p.m.•30 views

CVE-2017-18888

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.

9.8CVSS9.8AI score0.00415EPSS

CVE•added 2020/06/19 6:15 p.m.•29 views

CVE-2017-18873

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.

5.3CVSS5.1AI score0.00377EPSS

CVE•added 2020/06/19 5:15 p.m.•28 views

CVE-2017-18877

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.

6.1CVSS5.9AI score0.00359EPSS