VYPR

Go modules package

github.com/mattermost/mattermost-server

pkg:golang/github.com/mattermost/mattermost-server

Vulnerabilities (161)

  • CVE-2017-18917HigJun 19, 2020
    affected < 3.7.5-0.20170421192444-247cd1e51a8cfixed 3.7.5-0.20170421192444-247cd1e51a8c

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

  • CVE-2017-18916MedJun 19, 2020
    affected < 3.6.7-0.20170420152529-0968e4079e0afixed 3.6.7-0.20170420152529-0968e4079e0a

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.

  • CVE-2017-18915CriJun 19, 2020
    affected < 3.6.7-0.20170420152529-0968e4079e0afixed 3.6.7-0.20170420152529-0968e4079e0a

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.

  • CVE-2017-18908CriJun 19, 2020
    affected < 3.9.1-rc1fixed 3.9.1-rc1

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.

  • CVE-2017-18907MedJun 19, 2020
    affected < 3.9.2-0.20170714014920-312269ad0bd1fixed 3.9.2-0.20170714014920-312269ad0bd1

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.

  • CVE-2017-18906HigJun 19, 2020
    affected < 3.9.2-0.20170714134023-b17fca0d5ee7fixed 3.9.2-0.20170714134023-b17fca0d5ee7

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.

  • CVE-2017-18905MedJun 19, 2020
    affected < 3.9.2fixed 3.9.2

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.

  • CVE-2016-11084MedJun 19, 2020
    affected < 2.1.0fixed 2.1.0

    An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.

  • CVE-2016-11083MedJun 19, 2020
    affected < 2.2.0fixed 2.2.0

    An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.

  • CVE-2016-11082MedJun 19, 2020
    affected < 2.2.0fixed 2.2.0

    An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.

  • CVE-2016-11081MedJun 19, 2020
    affected < 2.2.0fixed 2.2.0

    An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.

  • CVE-2016-11080MedJun 19, 2020
    affected < 3.0.0fixed 3.0.0

    An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

  • CVE-2016-11079MedJun 19, 2020
    affected < 3.0.0fixed 3.0.0

    An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.

  • CVE-2016-11078MedJun 19, 2020
    affected < 3.0.0fixed 3.0.0

    An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.

  • CVE-2016-11077LowJun 19, 2020
    affected < 3.0.0fixed 3.0.0

    An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.

  • CVE-2016-11076MedJun 19, 2020
    affected < 3.0.0fixed 3.0.0

    An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.

  • CVE-2016-11075MedJun 19, 2020
    affected < 2.0.1-0.20160310160916-26ad6d2c7696fixed 2.0.1-0.20160310160916-26ad6d2c7696

    An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.

  • CVE-2016-11074CriJun 19, 2020
    affected < 3.0.0fixed 3.0.0

    An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.

  • CVE-2016-11073MedJun 19, 2020
    affected < 3.0.0fixed 3.0.0

    An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.

  • CVE-2016-11072MedJun 19, 2020
    affected < 3.0.2fixed 3.0.2

    An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.

Page 6 of 9