CVE-2023-4108
- EPSS 0.52%
- Veröffentlicht 11.08.2023 07:15:10
- Zuletzt bearbeitet 21.11.2024 08:34:24
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged
CVE-2023-4105
- EPSS 0.33%
- Veröffentlicht 11.08.2023 07:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:24
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message
CVE-2023-4106
- EPSS 0.31%
- Veröffentlicht 11.08.2023 07:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:24
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.
CVE-2023-4107
- EPSS 0.42%
- Veröffentlicht 11.08.2023 07:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:24
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
CVE-2023-3615
- EPSS 0.29%
- Veröffentlicht 17.07.2023 16:15:11
- Zuletzt bearbeitet 21.11.2024 08:17:40
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.
CVE-2023-2785
- EPSS 0.6%
- Veröffentlicht 16.06.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:17
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service
CVE-2023-2792
- EPSS 0.62%
- Veröffentlicht 16.06.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:17
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
CVE-2023-2793
- EPSS 0.56%
- Veröffentlicht 16.06.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:18
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.
CVE-2023-2797
- EPSS 0.47%
- Veröffentlicht 16.06.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:18
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.
CVE-2023-2831
- EPSS 0.68%
- Veröffentlicht 16.06.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:22
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.