Filter
AND

Mattermost Mattermost ServerResource Exhaustion via the Invitation Feature

EPSS
0.04%
First published (updated )

Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs

EPSS
0.05%
First published (updated )

go/github.com/mattermost/mattermost/server/v8Invite ID available to team admins even without the "Add Members" permission

EPSS
0.04%
First published (updated )

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li…

First published (updated )

Mattermost Mattermost ServerReflected XSS in Mattermost Jira plugin

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

go/github.com/mattermost/mattermost/server/v8Infoleak

First published (updated )

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata …

First published (updated )

Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…

First published (updated )

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.…

First published (updated )

go/github.com/mattermost/mattermost/server/v8DoS via a large number of User Preferences

EPSS
0.04%
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost MattermostServer-side Denial of Service while processing a specifically crafted GIF file

First published (updated )

Mattermost Mattermost BoardsEmails of all users are exposed via one of the Boards APIs

First published (updated )

Mattermost MattermostUsers can view the contents of an archived channel when access is explicitly denied by the system admin

First published (updated )

Mattermost MattermostTeam Creator's Email Address is disclosed to Team Members via one of the APIs

First published (updated )

Mattermost Mattermost ServerStack overflow in document extractor in Mattermost

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost MattermostSysadmin can override existing configs & bypass restrictions like EnableUploads

First published (updated )

Mattermost MattermostHTML Injection while inviting Guests

First published (updated )

Mattermost Mattermost ServerOOM DoS in Mattermost image proxy

First published (updated )

Mattermost PlaybooksA specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service

First published (updated )

Mattermost Mattermost ServerRestricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost Mattermost ServerInvitation Email is resent as a Reminder after invalidating pending email invites

First published (updated )

Mattermost Mattermost ServerA crafted SVG attachment can crash a Mattermost server

First published (updated )

Mattermost Mattermost ServerIncorrect defaults can cause attackers to bypass rate limitations

First published (updated )

Mattermost Mattermost ServerTeam members could access sensitive information of other users via an API call

First published (updated )

Mattermost MattermostMalicious imports can lead to Denial of Service

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost MattermostGuest accounts can list all public channels

First published (updated )

Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted JPEG file

First published (updated )

Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted GIF file

First published (updated )

Mattermost MattermostAuthenticated user could send multiple requests containing a large payload to a Playbooks API and can crash a Mattermost server

First published (updated )

Mattermost MattermostAuthenticated user could send multiple requests containing a large Auto Responder Message payload and can crash a Mattermost server

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203