Filtered by vendor Mattermost
Subscriptions
Filtered by product Mattermost Server
Subscriptions
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21260 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 2.7 Low |
| An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. | ||||
| CVE-2017-18908 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 9.8 Critical |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. | ||||
| CVE-2019-20847 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. | ||||
| CVE-2016-11075 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | ||||
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 2.7 Low |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | ||||
| CVE-2016-11078 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.5 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | ||||
| CVE-2016-11079 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | ||||
| CVE-2016-11080 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | ||||
| CVE-2016-11081 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | ||||
| CVE-2016-11082 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | ||||
| CVE-2016-11083 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | ||||
| CVE-2017-18905 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | ||||
| CVE-2016-11071 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | ||||
| CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | ||||
| CVE-2017-18904 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. | ||||
| CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 7.5 High |
| An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | ||||
| CVE-2017-18910 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | ||||
| CVE-2016-11063 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | ||||
| CVE-2016-11070 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.4 Medium |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | ||||
| CVE-2016-11073 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | ||||