Mattermost
by Mattermost
Source repositories
CVEs (476)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-20854 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. |
| CVE-2019-20853 | 0.00 | — | 0.02 | Jun 19, 2020 | An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem. |
| CVE-2019-20847 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. |
| CVE-2019-20846 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. |
| CVE-2019-20845 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import. |
| CVE-2019-20844 | 0.00 | — | 0.00 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. |
| CVE-2019-20843 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. |
| CVE-2019-20842 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. |
| CVE-2019-20841 | 0.00 | — | 0.00 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. |
| CVE-2020-14460 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001. |
| CVE-2020-14459 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. |
| CVE-2020-14458 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004. |
| CVE-2020-14453 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. |
| CVE-2020-14452 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. |
| CVE-2020-14450 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. |
| CVE-2020-14448 | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. |
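Several of the Mattermost Server entries above are written as "before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7": the first version is the fix on the current release line and the rest are backports to older support lines, so a 5.17.3 install is fixed while a 5.14.x install is not. The checker below, added here as an example and not code from this page or from Mattermost, turns that wording into a version test: it extracts the fixed versions from each description, matches the install's major.minor line against a listed backport, and otherwise compares against the newest fix. The advisory text is copied from the table; the installed version string is a constructed input (Mattermost exposes the running version in the `X-Version-Id` response header, with extra build fields after the third component, which is the assumption behind keeping only three components).

```python
import re
from typing import Dict, List, Tuple

# Advisory descriptions copied verbatim from the CVE table on this page.
# Only Mattermost Server entries are included; the Packages entry uses a
# different product and is out of scope for a server version check.
ADVISORIES: Dict[str, str] = {
    "CVE-2019-20854": "An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.",
    "CVE-2019-20844": "An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.",
    "CVE-2019-20842": "An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.",
    "CVE-2020-14460": "An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.",
    "CVE-2020-14452": "An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.",
    "CVE-2020-14448": "An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.",
}

Version = Tuple[int, ...]

# "before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7" -> the whole version list.
_BEFORE = re.compile(r"before (\d+\.\d+\.\d+(?:, (?:and )?\d+\.\d+\.\d+)*)")
_VER = re.compile(r"\d+\.\d+\.\d+")


def parse_version(s: str) -> Version:
    """Reduce a version string to (major, minor, patch).

    Assumption: the X-Version-Id header looks like "5.17.2.5.17.2.<build>...",
    so only the first three dotted components are meaningful here.
    """
    parts = s.strip().split(".")[:3]
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(p) for p in parts)


def fixed_versions(description: str) -> List[Version]:
    """Extract every fixed version named in a 'before ...' clause."""
    m = _BEFORE.search(description)
    if not m:
        raise ValueError("no 'before <version>' clause in description")
    return [parse_version(v) for v in _VER.findall(m.group(1))]


def is_affected(version: Version, fixes: List[Version]) -> bool:
    """Apply the 'before A, B, C' semantics.

    If the install sits on a release line that received a backport, it is
    affected only while it is older than that backport. A line with no
    backport (e.g. 5.14.x under 'before 5.18.0, 5.17.2, 5.16.4, 5.15.4,
    and 5.9.7') is affected until it is upgraded past the newest fix.
    """
    newest = max(fixes)
    for fix in fixes:
        if version[:2] == fix[:2]:
            return version < fix
    return version < newest


def applicable_cves(version_string: str,
                    advisories: Dict[str, str] = ADVISORIES) -> List[str]:
    """Return the CVE ids from the table that still apply to this version."""
    v = parse_version(version_string)
    return sorted(cve for cve, desc in advisories.items()
                  if is_affected(v, fixed_versions(desc)))


if __name__ == "__main__":
    # Constructed sample: a header value as an ESR install might report it.
    sample_version_id = "5.17.2.5.17.2.abcdef0.false"
    for cve in applicable_cves(sample_version_id):
        print(cve)
```

A 5.17.2 install is past the 5.17.x backports for CVE-2019-20844 and CVE-2019-20842 but not the 5.17.3 backport for CVE-2020-14460, and it has no backport at all for the 5.21.0 and 5.23.0 fixes, so the script reports those three. The same table entries applied to 5.23.0 report nothing, which is the quick way to confirm the regex and line matching behave on the newest version in the list.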
Page 24 of 24