Filtered by vendor Mattermost
Filtered by product Mattermost Server
Total 206 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1777 1 Mattermost 1 Mattermost Server 2024-08-02 6.5 Medium
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
CVE-2023-1774 1 Mattermost 1 Mattermost Server 2024-08-02 4.2 Medium
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
CVE-2023-1421 1 Mattermost 1 Mattermost Server 2024-08-02 3.5 Low
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.
CVE-2024-24776 1 Mattermost 1 Mattermost Server 2024-08-01 3.1 Low
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.
CVE-2024-23319 1 Mattermost 1 Mattermost Server 2024-08-01 3.5 Low
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.
CVE-2024-1402 1 Mattermost 1 Mattermost Server 2024-08-01 4.3 Medium
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrieve the aforementioned post.