mattermost

607 tracked vulnerabilities.

CVE-2019-20853 CRITICAL
Mattermost Packages < 5.16.3 - Exposure of Resource to Wrong Sphere
Jun 19, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-20852 HIGH
Mattermost Mobile < 1.26.0 - Sensitive Information Exposure in Local Logs
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20851 CRITICAL
Mattermost Mobile Apps < 1.26.0 - Path Traversal and Arbitrary File Write via Video Preview Feature
Jun 19, 2020
CVSS 9.1
EPSS 0.01
CVE-2019-20850 MEDIUM
Mattermost Mobile Apps <1.26.0 - Info Disclosure
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-20849 MEDIUM
Mattermost Mobile Apps <1.26.0 - Info Disclosure
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-20848 HIGH
Mattermost Mobile Apps < 1.26.0 - Improper Input Validation in Quick Reply Feature
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20847 MEDIUM
Mattermost Server <5.18.0 - Info Disclosure
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-20846 HIGH
Mattermost Server <5.18.0 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20845 HIGH
Mattermost Server < 5.18.0 - Denial of Service via Large Slack Import
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20844 MEDIUM
Mattermost Server <5.18.0-5.9.7 - Info Disclosure
Jun 19, 2020
CVSS 6.5
EPSS 0.00
CVE-2019-20843 HIGH
Mattermost Server <5.18.0-5.9.7 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20842 HIGH
Mattermost Server < 5.9.7 - Authenticated SQL Injection via SearchAllChannels
Jun 19, 2020
CVSS 7.2
EPSS 0.01
CVE-2019-20841 HIGH
Mattermost Server < 5.9.7 - Cross-Site Request Forgery
Jun 19, 2020
CVSS 8.8
EPSS 0.00
CVE-2018-21264 HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - SAML Response Expiration Bypass
Jun 19, 2020
CVSS 8.8
EPSS 0.01
CVE-2018-21256 MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Group Message Channel Creation via Slash Command
Jun 19, 2020
CVSS 4.3
EPSS 0.01
CVE-2018-21252 MEDIUM
Mattermost Server < 4.10.3, 5.0.3, 5.1.1, 5.2 - Unauthenticated Signup Policy Bypass via Multiple Email Addresses
Jun 19, 2020
CVSS 4.3
EPSS 0.01
CVE-2018-21265 MEDIUM
Mattermost Desktop App < 4.0.0 - Incorrect Permission Assignment for Critical Resource via setPermissionRequestHandler
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2018-21263 HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - Unauthenticated Account Takeover via SAML Response
Jun 19, 2020
CVSS 8.8
EPSS 0.01
CVE-2018-21262 HIGH
Mattermost Server < 4.7.3 - Denial of Service via Invalid LaTeX Text
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2018-21261 MEDIUM
Mattermost Server 4.6.0-4.6.2 - Unintended Excessive Invitation Privileges via Email Invite
Jun 19, 2020
CVSS 4.3
EPSS 0.01
CVE-2018-21260 LOW
Mattermost Server 4.6.0-4.6.2 - Exposure of Sensitive Information via WebSocket Events
Jun 19, 2020
CVSS 2.7
EPSS 0.01
CVE-2018-21259 MEDIUM
Mattermost Server < 4.8.2 - Denial of Service via Malformed Channel Link
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2018-21258 HIGH
Mattermost Server < 5.1.0 - Denial of Service via Invite People Slash Command
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2018-21257 MEDIUM
Mattermost Server < 5.1.0 - Missing Authorization via Channel Header Slash Command API
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2018-21255 MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Channel Modification via Channel PATCH API
Jun 19, 2020
CVSS 4.3
EPSS 0.01