Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Filtered by product Mattermost Server
Total 253 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14457 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.
CVE-2019-20878 1 Mattermost 1 Mattermost Server 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.
CVE-2019-20883 1 Mattermost 1 Mattermost Server 2021-07-21 3.5 LOW 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.
CVE-2019-20880 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
CVE-2019-20881 1 Mattermost 1 Mattermost Server 2021-07-21 7.5 HIGH 7.3 HIGH
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.
CVE-2020-14458 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.
CVE-2019-20859 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
CVE-2019-20876 1 Mattermost 1 Mattermost Server 2021-07-21 5.5 MEDIUM 5.4 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.
CVE-2019-20885 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.
CVE-2019-20877 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.
CVE-2019-20879 1 Mattermost 1 Mattermost Server 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
CVE-2019-20869 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
CVE-2020-14460 1 Mattermost 1 Mattermost Server 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
CVE-2019-20841 1 Mattermost 1 Mattermost Server 2021-04-12 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
CVE-2017-18883 1 Mattermost 1 Mattermost Server 2020-07-02 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
CVE-2017-18884 1 Mattermost 1 Mattermost Server 2020-06-30 5.5 MEDIUM 8.1 HIGH
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
CVE-2017-18878 1 Mattermost 1 Mattermost Server 2020-06-30 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
CVE-2018-21264 1 Mattermost 1 Mattermost Server 2020-06-30 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
CVE-2018-21256 1 Mattermost 1 Mattermost Server 2020-06-30 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
CVE-2018-21252 1 Mattermost 1 Mattermost Server 2020-06-30 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.