Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Total 288 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20846 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
CVE-2019-20844 1 Mattermost 1 Mattermost Server 2020-06-19 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
CVE-2019-20842 1 Mattermost 1 Mattermost Server 2020-06-19 6.5 MEDIUM 7.2 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.
CVE-2019-20843 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
CVE-2020-14447 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.
CVE-2020-14459 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.
CVE-2020-14453 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.
CVE-2020-14452 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.