Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Total 288 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18917 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
CVE-2017-18918 1 Mattermost 1 Mattermost Server 2020-06-23 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
CVE-2017-18920 1 Mattermost 1 Mattermost Server 2020-06-23 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
CVE-2016-11076 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVE-2019-20854 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVE-2019-20862 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
CVE-2019-20868 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
CVE-2019-20870 1 Mattermost 1 Mattermost Server 2020-06-23 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVE-2019-20871 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
CVE-2019-20872 1 Mattermost 1 Mattermost Server 2020-06-23 2.1 LOW 5.5 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVE-2019-20889 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
CVE-2019-20886 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
CVE-2019-20882 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
CVE-2019-20857 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVE-2019-20858 1 Mattermost 1 Mattermost Server 2020-06-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVE-2019-20865 1 Mattermost 1 Mattermost Server 2020-06-23 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
CVE-2020-14448 1 Mattermost 1 Mattermost Server 2020-06-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.
CVE-2018-21262 1 Mattermost 1 Mattermost Server 2020-06-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.
CVE-2019-20888 1 Mattermost 1 Mattermost Server 2020-06-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.
CVE-2020-14450 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.