Filtered by vendor Mattermost
Subscriptions
Filtered by product Mattermost Mobile
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-20852 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-05 | 7.5 High |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). | ||||
CVE-2019-20849 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. | ||||
CVE-2019-20850 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-05 | 5.3 Medium |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. | ||||
CVE-2019-20848 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-05 | 7.5 High |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. | ||||
CVE-2020-14449 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-04 | 7.5 High |
An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018. | ||||
CVE-2020-14451 | 2 Apple, Mattermost | 2 Iphone Os, Mattermost Mobile | 2024-08-04 | 7.5 High |
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. | ||||
CVE-2024-39767 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-02 | 4.2 Medium |
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications. | ||||
CVE-2024-32945 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-02 | 2.6 Low |
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions. |
Page 1 of 1.