mattermost
607 tracked vulnerabilities.
CVE-2019-20853
CRITICAL
Mattermost Packages < 5.16.3 - Exposure of Resource to Wrong Sphere
Jun 19, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-20852
HIGH
Mattermost Mobile < 1.26.0 - Sensitive Information Exposure in Local Logs
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20851
CRITICAL
Mattermost Mobile Apps < 1.26.0 - Path Traversal and Arbitrary File Write via Video Preview Feature
Jun 19, 2020
CVSS 9.1
EPSS 0.01
CVE-2019-20850
MEDIUM
Mattermost Mobile Apps <1.26.0 - Info Disclosure
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-20849
MEDIUM
Mattermost Mobile Apps <1.26.0 - Info Disclosure
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-20848
HIGH
Mattermost Mobile Apps < 1.26.0 - Improper Input Validation in Quick Reply Feature
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20847
MEDIUM
Mattermost Server <5.18.0 - Info Disclosure
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2019-20846
HIGH
Mattermost Server <5.18.0 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20845
HIGH
Mattermost Server < 5.18.0 - Denial of Service via Large Slack Import
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20844
MEDIUM
Mattermost Server <5.18.0-5.9.7 - Info Disclosure
Jun 19, 2020
CVSS 6.5
EPSS 0.00
CVE-2019-20843
HIGH
Mattermost Server <5.18.0-5.9.7 - Info Disclosure
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2019-20842
HIGH
Mattermost Server < 5.9.7 - Authenticated SQL Injection via SearchAllChannels
Jun 19, 2020
CVSS 7.2
EPSS 0.01
CVE-2019-20841
HIGH
Mattermost Server < 5.9.7 - Cross-Site Request Forgery
Jun 19, 2020
CVSS 8.8
EPSS 0.00
CVE-2018-21264
HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - SAML Response Expiration Bypass
Jun 19, 2020
CVSS 8.8
EPSS 0.01
CVE-2018-21256
MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Group Message Channel Creation via Slash Command
Jun 19, 2020
CVSS 4.3
EPSS 0.01
CVE-2018-21252
MEDIUM
Mattermost Server < 4.10.3, 5.0.3, 5.1.1, 5.2 - Unauthenticated Signup Policy Bypass via Multiple Email Addresses
Jun 19, 2020
CVSS 4.3
EPSS 0.01
CVE-2018-21265
MEDIUM
Mattermost Desktop App < 4.0.0 - Incorrect Permission Assignment for Critical Resource via setPermissionRequestHandler
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2018-21263
HIGH
Mattermost Server < 4.7.0, < 4.6.2, < 4.5.2 - Unauthenticated Account Takeover via SAML Response
Jun 19, 2020
CVSS 8.8
EPSS 0.01
CVE-2018-21262
HIGH
Mattermost Server < 4.7.3 - Denial of Service via Invalid LaTeX Text
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2018-21261
MEDIUM
Mattermost Server 4.6.0-4.6.2 - Unintended Excessive Invitation Privileges via Email Invite
Jun 19, 2020
CVSS 4.3
EPSS 0.01
CVE-2018-21260
LOW
Mattermost Server 4.6.0-4.6.2 - Exposure of Sensitive Information via WebSocket Events
Jun 19, 2020
CVSS 2.7
EPSS 0.01
CVE-2018-21259
MEDIUM
Mattermost Server < 4.8.2 - Denial of Service via Malformed Channel Link
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2018-21258
HIGH
Mattermost Server < 5.1.0 - Denial of Service via Invite People Slash Command
Jun 19, 2020
CVSS 7.5
EPSS 0.01
CVE-2018-21257
MEDIUM
Mattermost Server < 5.1.0 - Missing Authorization via Channel Header Slash Command API
Jun 19, 2020
CVSS 5.3
EPSS 0.01
CVE-2018-21255
MEDIUM
Mattermost Server < 5.1.0 - Unauthenticated Channel Modification via Channel PATCH API
Jun 19, 2020
CVSS 4.3
EPSS 0.01
Products
mattermost_server 452
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters