mattermost
576 tracked vulnerabilities.
CVE-2019-20847
MEDIUM
Mattermost Server <5.18.0 - Info Disclosure
Jun 19, 2020
CVSS 5.3
EPSS 0.00
CVE-2019-20846
HIGH
Mattermost Server <5.18.0 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.00
CVE-2019-20845
HIGH
Mattermost Server < 5.18.0 - Denial of Service via Large Slack Import
Jun 19, 2020
CVSS 7.5
EPSS 0.00
CVE-2019-20844
MEDIUM
Mattermost Server <5.18.0-5.9.7 - Info Disclosure
Jun 19, 2020
CVSS 6.5
EPSS 0.00
CVE-2019-20843
HIGH
Mattermost Server <5.18.0-5.9.7 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.00
CVE-2019-20842
HIGH
Mattermost Server < 5.9.7 - Authenticated SQL Injection via SearchAllChannels
Jun 19, 2020
CVSS 7.2
EPSS 0.00
CVE-2019-20841
HIGH
Mattermost Server < 5.9.7 - Cross-Site Request Forgery
Jun 19, 2020
CVSS 8.8
EPSS 0.00
CVE-2018-21264
HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - SAML Response Expiration Bypass
Jun 19, 2020
CVSS 8.8
EPSS 0.01
CVE-2018-21256
MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Group Message Channel Creation via Slash Command
Jun 19, 2020
CVSS 4.3
EPSS 0.00
CVE-2018-21252
MEDIUM
Mattermost Server < 4.10.3, 5.0.3, 5.1.1, 5.2 - Unauthenticated Signup Policy Bypass via Multiple Email Addresses
Jun 19, 2020
CVSS 4.3
EPSS 0.00
CVE-2018-21265
MEDIUM
Mattermost Desktop App < 4.0.0 - Incorrect Permission Assignment for Critical Resource via setPermissionRequestHandler
Jun 19, 2020
CVSS 5.3
EPSS 0.00
CVE-2018-21263
HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - Unauthenticated Account Takeover via SAML Response
Jun 19, 2020
CVSS 8.8
EPSS 0.00
CVE-2018-21262
HIGH
Mattermost Server < 4.7.3 - Denial of Service via Invalid LaTeX Text
Jun 19, 2020
CVSS 7.5
EPSS 0.00
CVE-2018-21261
MEDIUM
Mattermost Server 4.6.0-4.6.2 - Unintended Excessive Invitation Privileges via Email Invite
Jun 19, 2020
CVSS 4.3
EPSS 0.00
CVE-2018-21260
LOW
Mattermost Server 4.6.0-4.6.2 - Exposure of Sensitive Information via WebSocket Events
Jun 19, 2020
CVSS 2.7
EPSS 0.00
CVE-2018-21259
MEDIUM
Mattermost Server < 4.8.2 - Denial of Service via Malformed Channel Link
Jun 19, 2020
CVSS 5.3
EPSS 0.00
CVE-2018-21258
HIGH
Mattermost Server < 5.1.0 - Denial of Service via Invite People Slash Command
Jun 19, 2020
CVSS 7.5
EPSS 0.00
CVE-2018-21257
MEDIUM
Mattermost Server < 5.1.0 - Missing Authorization via Channel Header Slash Command API
Jun 19, 2020
CVSS 5.3
EPSS 0.00
CVE-2018-21255
MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Channel Modification via Channel PATCH API
Jun 19, 2020
CVSS 4.3
EPSS 0.00
CVE-2018-21254
MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Access Control Bypass via Message Slash Command
Jun 19, 2020
CVSS 4.3
EPSS 0.00
CVE-2018-21253
MEDIUM
Mattermost Server < 4.10.2, 5.0.2, 5.1 - Incorrect Permission Assignment via Invite People Slash Command
Jun 19, 2020
CVSS 4.3
EPSS 0.00
CVE-2018-21251
CRITICAL
Mattermost Server < 5.2 and < 5.1.1 - Missing Authorization via Channel Name Mismatch
Jun 19, 2020
CVSS 9.8
EPSS 0.00
CVE-2018-21250
MEDIUM
Mattermost Server < 4.10.4 - Denial of Service via Crafted Image Dimensions
Jun 19, 2020
CVSS 6.5
EPSS 0.00
CVE-2018-21249
LOW
Mattermost Server <5.3.0 - Info Disclosure
Jun 19, 2020
CVSS 3.7
EPSS 0.00
CVE-2018-21248
HIGH
Mattermost Server < 5.4.0 - Insufficiently Protected Credentials
Jun 19, 2020
CVSS 7.5
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 75
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1