Mattermost Server Security Vulnerabilities and Issues — Mattermost Server CVE List

Lucene search

MattermostMattermost Server

3 matches found

CVE•added 2023/10/09 11:15 a.m.•52 views

CVE-2023-5331

Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.

5.3CVSS4.7AI score0.00167EPSS

CVE•added 2023/10/09 11:15 a.m.•50 views

CVE-2023-5333

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.

6.5CVSS5.3AI score0.00118EPSS

CVE•added 2023/10/09 11:15 a.m.•44 views

CVE-2023-5330

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.

7.5CVSS5.7AI score0.00118EPSS