VYPR

Mattermost

by Mattermost

Source repositories

CVEs (476)

  • CVE-2019-20880Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.

  • CVE-2019-20877Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.

  • CVE-2019-20876Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.

  • CVE-2019-20875Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.

  • CVE-2019-20874Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.

  • CVE-2019-20873Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.

  • CVE-2019-20872Jun 19, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.

  • CVE-2019-20870Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.

  • CVE-2019-20869Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.

  • CVE-2019-20868Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.

  • CVE-2019-20867Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.

  • CVE-2019-20866Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.

  • CVE-2019-20865Jun 19, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.

  • CVE-2019-20863Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.

  • CVE-2019-20862Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.

  • CVE-2019-20860Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.

  • CVE-2019-20859Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.

  • CVE-2019-20858Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.

  • CVE-2019-20857Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.

  • CVE-2019-20855Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.

Page 23 of 24