VYPR

Mattermost

by Mattermost

CVEs (476)

  • CVE-2019-20854, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.

  • CVE-2019-20853, Jun 19, 2020
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem.

  • CVE-2019-20847, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.

  • CVE-2019-20846, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.

  • CVE-2019-20845, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.

  • CVE-2019-20844, Jun 19, 2020
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.

  • CVE-2019-20843, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.

  • CVE-2019-20842, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.

  • CVE-2019-20841, Jun 19, 2020
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.

  • CVE-2020-14460, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.

  • CVE-2020-14459, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.

  • CVE-2020-14458, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.

  • CVE-2020-14453, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.

  • CVE-2020-14452, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.

  • CVE-2020-14450, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.

  • CVE-2020-14448, Jun 19, 2020
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.
