Mattermost ≫ Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.

An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.

An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.

An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.

An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.

An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.

An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.