Mattermost Server@7.10.0 Security Vulnerabilities and Issues — Mattermost Server@7.10.0 CVE List

Lucene search

MattermostMattermost Server7.10.0

11 matches found

CVE•added 2023/07/17 4:15 p.m.•2478 views

CVE-2023-3584

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.

3.1CVSS3.6AI score0.00117EPSS

Web

CVE•added 2023/07/17 4:15 p.m.•2475 views

CVE-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.

8.1CVSS7AI score0.00128EPSS

CVE•added 2023/07/17 4:15 p.m.•35 views

CVE-2023-3593

Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.

6.5CVSS5.2AI score0.00118EPSS

CVE•added 2023/07/17 4:15 p.m.•34 views

CVE-2023-3586

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.

5.4CVSS4.8AI score0.0016EPSS

CVE•added 2023/07/17 4:15 p.m.•33 views

CVE-2023-3590

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.

7.5CVSS5.4AI score0.00288EPSS

CVE•added 2023/07/17 4:15 p.m.•32 views

CVE-2023-3582

Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to,

4.3CVSS4.4AI score0.00123EPSS

CVE•added 2023/07/17 4:15 p.m.•28 views

CVE-2023-3585

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.

4.3CVSS4.5AI score0.00135EPSS

CVE•added 2023/07/17 4:15 p.m.•28 views

CVE-2023-3591

Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.

8.2CVSS6.4AI score0.00199EPSS

CVE•added 2023/07/17 4:15 p.m.•27 views

CVE-2023-3577

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

4.3CVSS4.2AI score0.00158EPSS

CVE•added 2023/07/17 4:15 p.m.•25 views

CVE-2023-3614

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.

4.3CVSS4.3AI score0.0007EPSS

CVE•added 2023/07/17 4:15 p.m.•22 views

CVE-2023-3587

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

2.7CVSS3.3AI score0.0006EPSS