Filter
AND

Mattermost Mattermost ServerResource Exhaustion via the Invitation Feature

EPSS
0.04%
First published (updated )

Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs

EPSS
0.05%
First published (updated )

go/github.com/mattermost/mattermost/server/v8Invite ID available to team admins even without the "Add Members" permission

EPSS
0.04%
First published (updated )

go/github.com/mattermost/mattermost/server/v8Users maintain access to active call after being removed from a channel

3.1
First published (updated )

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

go/github.com/mattermost/mattermost/server/v8Infoleak, Race Condition

2.6
First published (updated )

Mattermost Mattermost ServerReflected XSS in Mattermost Jira plugin

First published (updated )

go/github.com/mattermost/mattermost/server/v8Infoleak

First published (updated )

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata …

First published (updated )

Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…

8.8
First published (updated )

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.…

First published (updated )

go/github.com/mattermost/mattermost/server/v8DoS via a large number of User Preferences

EPSS
0.04%
First published (updated )

Mattermost Mattermost ServerStack overflow in SAML login in Mattermost

7.5
First published (updated )

Mattermost Mattermost ServerStack overflow in document extractor in Mattermost

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost Mattermost ServerOOM DoS in Mattermost image proxy

First published (updated )

Mattermost Mattermost ServerRestricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents

First published (updated )

Mattermost Mattermost ServerInvitation Email is resent as a Reminder after invalidating pending email invites

First published (updated )

Mattermost Mattermost ServerAuthorized users are allowed to install old plugin versions from the Marketplace

8.8
First published (updated )

Mattermost Mattermost ServerA crafted SVG attachment can crash a Mattermost server

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost Mattermost ServerIncorrect defaults can cause attackers to bypass rate limitations

First published (updated )

Mattermost Mattermost ServerTeam members could access sensitive information of other users via an API call

First published (updated )

Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted JPEG file

First published (updated )

Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted GIF file

First published (updated )

Mattermost Mattermost ServerDisclosure of team owner email address when regenerating Invite ID

2.7
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost Mattermost ServerDisclosure of team owner email address when when accessing the teams API

2.7
First published (updated )

Mattermost Mattermost ServerReflected XSS in OAuth flow completion endpoints

First published (updated )

Mattermost Mattermost ServerUnauthorized email invite to a private channel

First published (updated )

Mattermost Mattermost ServerUnsanitized events sent over Websocket to regular users in a High Availability environment

First published (updated )

Mattermost Mattermost ServerStored XSS via SVG attachment on Boards

7.3
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203