Filtered by vendor Mattermost Subscriptions
Filtered by product Mattermost Server Subscriptions
Total 199 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-11062 1 Mattermost 1 Mattermost Server 2020-06-26 5.3 Medium
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
CVE-2016-11072 1 Mattermost 1 Mattermost Server 2020-06-26 6.5 Medium
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
CVE-2016-11074 1 Mattermost 1 Mattermost Server 2020-06-26 9.8 Critical
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVE-2017-18912 1 Mattermost 1 Mattermost Server 2020-06-26 9.8 Critical
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.
CVE-2017-18901 1 Mattermost 1 Mattermost Server 2020-06-26 5.3 Medium
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
CVE-2017-18900 1 Mattermost 1 Mattermost Server 2020-06-26 9.8 Critical
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
CVE-2017-18899 1 Mattermost 1 Mattermost Server 2020-06-26 5.3 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
CVE-2017-18896 1 Mattermost 1 Mattermost Server 2020-06-26 5.3 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
CVE-2017-18895 1 Mattermost 1 Mattermost Server 2020-06-26 5.3 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
CVE-2017-18894 1 Mattermost 1 Mattermost Server 2020-06-26 8.1 High
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.
CVE-2017-18892 1 Mattermost 1 Mattermost Server 2020-06-26 6.1 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
CVE-2017-18911 1 Mattermost 1 Mattermost Server 2020-06-26 9.1 Critical
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
CVE-2017-18915 1 Mattermost 1 Mattermost Server 2020-06-25 9.8 Critical
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
CVE-2017-18916 1 Mattermost 1 Mattermost Server 2020-06-25 5.3 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
CVE-2017-18919 1 Mattermost 1 Mattermost Server 2020-06-25 5.3 Medium
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
CVE-2017-18914 1 Mattermost 1 Mattermost Server 2020-06-25 5.3 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
CVE-2015-9548 1 Mattermost 1 Mattermost Server 2020-06-25 7.5 High
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
CVE-2017-18893 1 Mattermost 1 Mattermost Server 2020-06-25 6.1 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
CVE-2017-18902 1 Mattermost 1 Mattermost Server 2020-06-25 5.3 Medium
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
CVE-2018-21263 1 Mattermost 1 Mattermost Server 2020-06-25 8.8 High
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.