Mattermost Server@9.3.0 Security Vulnerabilities and Issues — Mattermost Server@9.3.0 CVE List

Lucene search

MattermostMattermost Server9.3.0

3 matches found

CVE•added 2024/02/29 11:15 a.m.•185 views

CVE-2024-1953

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.

4.3CVSS4.5AI score0.00132EPSS

CVE•added 2024/02/29 11:15 a.m.•160 views

CVE-2024-1942

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.

4.3CVSS4.3AI score0.00226EPSS

CVE•added 2024/02/29 8:15 a.m.•81 views

CVE-2024-23493

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.

6.5CVSS4.3AI score0.00158EPSS