Mattermost

Mattermost

180 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-43754

  • EPSS 0.35%
  • Veröffentlicht 27.11.2023 10:15:07
  • Zuletzt bearbeitet 21.11.2024 08:24:43

Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels”...

4.3

CVE-2023-45223

  • EPSS 0.35%
  • Veröffentlicht 27.11.2023 10:15:07
  • Zuletzt bearbeitet 21.11.2024 08:26:34

Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled. 

4.3

CVE-2023-47865

  • EPSS 0.11%
  • Veröffentlicht 27.11.2023 09:15:32
  • Zuletzt bearbeitet 21.11.2024 08:30:56

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the usern...

4.3

CVE-2023-5967

  • EPSS 0.1%
  • Veröffentlicht 06.11.2023 16:15:42
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin

4.9

CVE-2023-5968

  • EPSS 0.14%
  • Veröffentlicht 06.11.2023 16:15:42
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 

5.3

CVE-2023-5969

  • EPSS 0.11%
  • Veröffentlicht 06.11.2023 16:15:42
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.

4.3

CVE-2023-5522

  • EPSS 0.09%
  • Veröffentlicht 17.10.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:56

Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. 

4.3

CVE-2023-5160

  • EPSS 0.23%
  • Veröffentlicht 02.10.2023 11:15:50
  • Zuletzt bearbeitet 21.11.2024 08:41:12

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled

2.7

CVE-2023-5159

  • EPSS 0.03%
  • Veröffentlicht 29.09.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:12

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.

2.7

CVE-2023-5193

  • EPSS 0.13%
  • Veröffentlicht 29.09.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:16

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.