github.com/mattermost/mattermost-server vulnerabilities
222 known vulnerabilities affecting github.com/mattermost/mattermost-server.
Total CVEs: 222
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 18, MEDIUM 100, LOW 22, UNKNOWN 72
Vulnerabilities
Page 11 of 12
CVE-2016-11072 [MEDIUM] Mattermost Server's Session ID and Session Token are potentially compromised
Affected: ≥ 0, < 3.0.2 | 2022-05-24
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
Sources: GHSA, OSV
CVE-2017-18890 [MEDIUM] CWE-20 Mattermost Server allows attackers to create buttons that can launch API requests
Affected: ≥ 0, < 4.1.2; ≥ 4.2.0-rc1, < 4.2.1; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
Sources: GHSA, OSV
CVE-2016-11067 [MEDIUM] CWE-400 Mattermost Server is vulnerable to Uncontrolled Resource Consumption
Affected: ≥ 0, < 3.2.0 | 2022-05-24
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
Sources: GHSA, OSV
CVE-2017-18872 [MEDIUM] CWE-862 Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization
Affected: ≥ 0, < 4.3.3; ≥ 4.4.0-rc1, < 4.4.3 | 2022-05-24
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
Sources: GHSA, OSV
CVE-2017-18904 [MEDIUM] CWE-79 Mattermost Server vulnerable to XSS via an uploaded file
Affected: ≥ 0, < 3.9.2; ≥ 3.10.0, < 3.10.2 | 2022-05-24
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.
Sources: GHSA, OSV
CVE-2017-18875 [MEDIUM] CWE-22 Mattermost Server does not prevent System Admin from arbitrary file creation
Affected: ≥ 0, < 4.1.2-0.20171004201910-6be8113eb60c; ≥ 4.2.0-rc1.0.20171004154238-fadd9514f6e7, < 4.2.1-0.20171004194140-6d3cb2ce07fc; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.
Sources: GHSA, OSV
CVE-2017-18877 [MEDIUM] CWE-79 Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page
Affected: ≥ 0, < 4.1.2; ≥ 4.2.0, < 4.2.1; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
Sources: GHSA, OSV
CVE-2017-18897 [MEDIUM] CWE-601 Mattermost Server mishandles redirect denial action
Affected: ≥ 0, < 4.0.5; ≥ 4.1.0, < 4.1.1; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
Sources: GHSA, OSV
CVE-2016-11080 [MEDIUM] CWE-200 Mattermost Server exposes account details to any Team Administrator
Affected: ≥ 0, < 3.0.0 | 2022-05-24
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
Sources: GHSA, OSV
CVE-2016-11070 [MEDIUM] CWE-79 Mattermost Server is vulnerable to XSS through customizable theme color-code values
Affected: ≥ 0, < 3.1.0 | 2022-05-24
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
Sources: GHSA, OSV
CVE-2016-11083 [MEDIUM] CWE-79 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution
Affected: ≥ 0, < 2.2.0 | 2022-05-24
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
Sources: GHSA, OSV
CVE-2017-18918 [MEDIUM] CWE-22 Mattermost Server does not restrict SAML certificate path for System Administrators
Affected: ≥ 0, < 3.6.5; ≥ 3.7.0, < 3.7.3 | 2022-05-24
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
Sources: GHSA, OSV
CVE-2016-11078 [MEDIUM] CWE-200 Mattermost Server exposes sensitive information via its System Console UI
Affected: ≥ 0, < 3.0.0 | 2022-05-24
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
Sources: GHSA, OSV
CVE-2017-18895 [MEDIUM] CWE-200 Mattermost Server exposes sensitive user status information via REST API version 4 endpoint
Affected: ≥ 0, < 4.0.5; ≥ 4.1.0, < 4.1.1; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
Sources: GHSA, OSV
CVE-2017-18896 [MEDIUM] CWE-732 Mattermost Server allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint
Affected: ≥ 0, < 4.0.5; ≥ 4.1.0, < 4.1.1; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
Sources: GHSA, OSV
CVE-2017-18892 [MEDIUM] CWE-116 Mattermost Server does not neutralize HTML content in an Email template field
Affected: ≥ 0, < 4.0.5; ≥ 4.1.0, < 4.1.1; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
Sources: GHSA, OSV
CVE-2017-18901 [MEDIUM] CWE-200 Mattermost Server exposes private team invite ID
Affected: ≥ 0, < 3.10.3; ≥ 4.0.0, < 4.0.4 | 2022-05-24
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
Sources: GHSA, OSV
CVE-2017-18893 [MEDIUM] CWE-79 Mattermost Server is vulnerable to XSS through display name field
Affected: ≥ 0, < 4.0.5; ≥ 4.1.0, < 4.1.1; +1 more | 2022-05-24
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
Sources: GHSA, OSV
CVE-2016-11081 [MEDIUM] CWE-200 Mattermost Server exposes information stored by a web browser
Affected: ≥ 0, < 2.2.0 | 2022-05-24
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
Sources: GHSA, OSV
CVE-2016-11075 [MEDIUM] CWE-200 Mattermost Server exposes sensitive information about team URLs via an API
Affected: ≥ 0, < 2.0.1-0.20160310160916-26ad6d2c7696 | 2022-05-24
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
Sources: GHSA, OSV
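The affected-range column on this page is written in Go module versions, including pseudo-versions such as 4.1.2-0.20171004201910-6be8113eb60c, and several rows cut the list short with "+1 more". The Go program below is an added example, not code from this page, from Mattermost, or from GHSA/OSV: it parses the range column exactly as printed here, orders versions by semver precedence (so a pseudo-version sorts just below its tagged release, and 4.4.0-rc1 falls inside "≥ 4.4.0-rc1, < 4.4.3"), and keeps truncated rows apart from real misses, because a non-match against an incomplete range list is not a clean result. The five transcribed rows, the treatment of "+" as only ever the "+N more" marker, and the function names are this example's own assumptions.

```go
package main

import (
	"cmp"
	"fmt"
	"slices"
	"strconv"
	"strings"
)

type Range struct{ Lo, Hi string } // one affected interval as printed: "≥ Lo, < Hi"

// parseRanges reads the range column verbatim, e.g. "≥ 0, < 3.0.2≥ 4.2.0-rc1, < 4.2.1+1 more".
// Ranges behind "+N more" are not guessed; truncated is set so a miss is not read as
// "unaffected". Assumption: no version here carries "+build" metadata.
func parseRanges(col string) (ranges []Range, truncated bool) {
	if i := strings.Index(col, "+"); i >= 0 {
		col, truncated = col[:i], true
	}
	for _, part := range strings.Split(col, "≥") {
		if lo, hi, ok := strings.Cut(part, ","); ok {
			hi = strings.TrimPrefix(strings.TrimSpace(hi), "<")
			ranges = append(ranges, Range{strings.TrimSpace(lo), strings.TrimSpace(hi)})
		}
	}
	return ranges, truncated
}

// splitVersion yields the numeric core (a bare "0" is 0.0.0) and the pre-release part.
func splitVersion(v string) (core [3]int, pre string) {
	base, rest, _ := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	for i, p := range strings.SplitN(base, ".", 3) {
		core[i], _ = strconv.Atoi(p)
	}
	return core, rest
}

// cmpIdent follows semver: numeric identifiers compare as numbers and sort before alphanumeric ones.
func cmpIdent(x, y string) int {
	nx, ex := strconv.Atoi(x)
	ny, ey := strconv.Atoi(y)
	switch {
	case ex == nil && ey == nil:
		return cmp.Compare(nx, ny)
	case ex == nil:
		return -1
	case ey == nil:
		return 1
	}
	return strings.Compare(x, y)
}

// compareVersion orders by numeric core, then puts a pre-release below its release and a longer
// pre-release above its prefix; pseudo-versions like 4.1.2-0.20171004201910-6be8113eb60c are plain pre-releases.
func compareVersion(a, b string) int {
	ca, pa := splitVersion(a)
	cb, pb := splitVersion(b)
	if c := slices.Compare(ca[:], cb[:]); c != 0 {
		return c
	}
	switch {
	case pa == pb:
		return 0
	case pa == "":
		return 1
	case pb == "":
		return -1
	}
	return slices.CompareFunc(strings.Split(pa, "."), strings.Split(pb, "."), cmpIdent)
}

// listing holds five rows transcribed from this page, range column verbatim (constructed input).
var listing = []struct{ id, col string }{
	{"CVE-2016-11072", "≥ 0, < 3.0.2"},
	{"CVE-2017-18890", "≥ 0, < 4.1.2≥ 4.2.0-rc1, < 4.2.1+1 more"},
	{"CVE-2017-18872", "≥ 0, < 4.3.3≥ 4.4.0-rc1, < 4.4.3"},
	{"CVE-2017-18875", "≥ 0, < 4.1.2-0.20171004201910-6be8113eb60c≥ 4.2.0-rc1.0.20171004154238-fadd9514f6e7, < 4.2.1-0.20171004194140-6d3cb2ce07fc+1 more"},
	{"CVE-2017-18918", "≥ 0, < 3.6.5≥ 3.7.0, < 3.7.3"},
}

// Assess returns the CVEs whose printed ranges (each a half-open [Lo, Hi)) contain v and,
// separately, the truncated rows that did not match, since a miss there is inconclusive.
func Assess(v string) (hits, inconclusive []string) {
	for _, row := range listing {
		ranges, truncated := parseRanges(row.col)
		affected := slices.ContainsFunc(ranges, func(r Range) bool {
			return compareVersion(v, r.Lo) >= 0 && compareVersion(v, r.Hi) < 0
		})
		if affected {
			hits = append(hits, row.id)
		} else if truncated {
			inconclusive = append(inconclusive, row.id)
		}
	}
	return hits, inconclusive
}

func main() { fmt.Println(Assess("4.2.0")) } // prints [CVE-2017-18890 CVE-2017-18872 CVE-2017-18875] []
```

Feed Assess the server's tagged version (the value shown in the System Console, without a build number). A row reported as inconclusive can only be settled by following its GHSA or OSV source for the full range list, since the page does not print the ranges it elides.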