Mattermost

Mattermost

180 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-1002

Exploit
  • EPSS 0.2%
  • Published 18.03.2022 18:15:12
  • Last modified 21.11.2024 06:39:50

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitatio...

4.9

CVE-2022-1003

  • EPSS 0.13%
  • Published 18.03.2022 18:15:12
  • Last modified 21.11.2024 06:39:50

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted conf...

6.5

CVE-2022-0708

  • EPSS 0.39%
  • Published 21.02.2022 18:15:08
  • Last modified 21.11.2024 06:39:13

Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.

6.5

CVE-2021-37864

  • EPSS 0.22%
  • Published 18.01.2022 17:15:08
  • Last modified 21.11.2024 06:16:01

Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the ...

5.7

CVE-2021-37865

  • EPSS 0.6%
  • Published 18.01.2022 17:15:08
  • Last modified 21.11.2024 06:16:01

Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Deni...

7.5

CVE-2021-37861

  • EPSS 0.34%
  • Published 09.12.2021 22:15:07
  • Last modified 21.11.2024 06:15:59

Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.

6.1

CVE-2021-37860

  • EPSS 0.21%
  • Published 22.09.2021 17:15:11
  • Last modified 21.11.2024 06:15:59

Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.

6.1

CVE-2021-37859

  • EPSS 45.09%
  • Published 05.08.2021 20:15:09
  • Last modified 21.11.2024 06:15:59

Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.

7.5

CVE-2020-13891

  • EPSS 0.32%
  • Published 26.06.2020 17:15:10
  • Last modified 21.11.2024 05:02:05

An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.

9.1

CVE-2019-20851

  • EPSS 0.79%
  • Published 19.06.2020 15:15:10
  • Last modified 21.11.2024 04:39:31

An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.