Filtered by vendor: Mattermost
Filtered by product: Mattermost Server
Total: 206 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-1777 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 6.5 Medium |
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message. | ||||
CVE-2023-1774 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 4.2 Medium |
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. | ||||
CVE-2023-1421 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 3.5 Low |
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter. | ||||
CVE-2024-24776 | 1 Mattermost | 1 Mattermost Server | 2024-08-01 | 3.1 Low |
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. | ||||
CVE-2024-23319 | 1 Mattermost | 1 Mattermost Server | 2024-08-01 | 3.5 Low |
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | ||||
CVE-2024-1402 | 1 Mattermost | 1 Mattermost Server | 2024-08-01 | 4.3 Medium |
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrieve the aforementioned post. | ||||