Mattermost
by Mattermost
Source repositories
CVEs (476)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2015-9548 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. |
| CVE-2016-11065 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. |
| CVE-2016-11062 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. |
| CVE-2017-18921 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page. |
| CVE-2017-18920 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. |
| CVE-2017-18919 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. |
| CVE-2017-18913 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. |
| CVE-2017-18914 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. |
| CVE-2017-18910 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. |
| CVE-2017-18880 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. |
| CVE-2017-18899 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. |
| CVE-2017-18882 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. |
| CVE-2017-18881 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. |
| CVE-2018-21252 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. |
| CVE-2018-21256 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. |
| CVE-2018-21264 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. |
| CVE-2018-21257 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API. |
| CVE-2018-21261 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. |
| CVE-2018-21262 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. |
| CVE-2018-21250 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. |
Page 21 of 24