Filter
AND
MattermostApp Framework does not checks for the secret provided in the incoming webhook request
4.3
First published (updated )
MattermostApps Framework allows install requests from regular members via an internal path
6.5
First published (updated )
MattermostChannel commands execution doesn't properly verify permissions
4.3
First published (updated )
MattermostCollapsed Reply Threads APIs leak message contents from private channels
6.5
First published (updated )
MattermostDeactivated user can retain access using oauth2 api
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostEphemeral messages return private channel contents in permalink previews
6.5
First published (updated )
MattermostStack exhaustion in PreparePostForClientWithEmbedsAndImages
6.5
First published (updated )
MattermostPath traversal in GitHub plugin's code preview feature
6.5
First published (updated )
MattermostDenial of Service while unescaping a Markdown string
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostSpecially crafted search query can cause large log entries in postgres
4.3
First published (updated )
go/github.com/mattermost/mattermost-server/v6Attachment of deleted message in a thread remains accessible and downloadable
4.3
First published (updated )
go/github.com/mattermost/mattermost-server/v6Incorrect authorization allows a user manager to update a system admin
6.7
First published (updated )
go/github.com/mattermost/mattermost-server/v6Audit logging fails to sanitize post metadata
7.5
First published (updated )
go/github.com/mattermost/mattermost-server/v6A guest user can perform various actions on public playbooks
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostWebSockets accept connections from HTTPS origin
8.1
First published (updated )
MattermostInconsistent state in UI after boards permission change by system admin
2.7
First published (updated )
MattermostDisabling publicly-shared boards does not disable existing publicly available board links
5.4
First published (updated )
MattermostLack of channel membership check when linking a board to a channel
4.3
First published (updated )
MattermostLimited blind SSRF to localhost/intranet in interactive dialog implementation
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostMember can create team with team override scheme
3.1
First published (updated )
MattermostDeleted attachments in Boards remain accessible
7.5
First published (updated )
MattermostServer crash via a specially crafted markdown input
6.5
First published (updated )
MattermostDenial of Service via specially crafted gif image
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostLack of previous password reset tokens on new token creation
8.2
First published (updated )