GitHub.com Mattermost mattermost-server vulnerabilities
222 known vulnerabilities affecting github.com/mattermost_mattermost-server.
Total CVEs: 222
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 18, MEDIUM 100, LOW 22, UNKNOWN 72
Vulnerabilities
Page 9 of 12
CVE-2017-18915 | CRITICAL | Affected: ≥ 0, < 3.6.7-0.20170420152529-0968e4079e0a; ≥ 3.7.0, < 3.7.5; +1 more | 2022-05-24
CVE-2017-18915 [CRITICAL] CWE-20 Mattermost Server server restarts may provide attackers with API access
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API endpoint access.
CVE-2017-18884 | CRITICAL | Affected: ≥ 0, < 4.1.2; ≥ 4.2.0-rc1, < 4.2.1; +1 more | 2022-05-24
CVE-2017-18884 [CRITICAL] CWE-269 Mattermost Server exposes OAuth personal access tokens to attackers
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
CVE-2017-18885 | CRITICAL | Affected: ≥ 0, < 4.1.2; ≥ 4.2.0-rc1, < 4.2.1; +1 more | 2022-05-24
CVE-2017-18885 [CRITICAL] CWE-269 Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
CVE-2017-18900 | CRITICAL | Affected: ≥ 0, < 3.10.3; ≥ 4.0.0, < 4.0.3 | 2022-05-24
CVE-2017-18900 [CRITICAL] CWE-1236 Mattermost Server is vulnerable to CSV Injection
An issue was discovered in Mattermost Server before 4.0.4 and 3.10.3. It allows CSV injection via a compliance report.
CVE-2017-18908 | CRITICAL | Affected: ≥ 0, < 3.9.1-rc1; ≥ 3.10.0, < 3.10.1 | 2022-05-24
CVE-2017-18908 [CRITICAL] CWE-287 Mattermost Server password reset email requests can be sent to attacker-provided email addresses
An issue was discovered in Mattermost Server before 4.0.0, 3.10.1, and 3.9.1. A password reset request was sometimes sent to an attacker-provided e-mail address.
CVE-2017-18911 | CRITICAL | Affected: ≥ 0, < 3.6.7-rc1; ≥ 3.7.0, < 3.7.5; +1 more | 2022-05-24
CVE-2017-18911 [CRITICAL] CWE-295 Mattermost Server has X.509 Improper Certificate Validation
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
CVE-2017-18888 | CRITICAL | Affected: ≥ 0, < 4.1.2; ≥ 4.2.0-rc1, < 4.2.1; +1 more | 2022-05-24
CVE-2017-18888 [CRITICAL] CWE-89 Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
CVE-2016-11066 | HIGH | Affected: ≥ 0, < 3.1.1 | 2022-05-24
CVE-2016-11066 [HIGH] CWE-200 Mattermost Server: initial_load API exposes unnecessary information
An issue was discovered in Mattermost Server before 3.1.1. The initial_load API disclosed unnecessary personal information.
CVE-2017-18912 | HIGH | Affected: ≥ 0, < 3.7.4-0.20170404171331-0b5c0794fdcb | 2022-05-24
CVE-2017-18912 [HIGH] CWE-22 Mattermost Server allows an attacker to specify a full pathname of a log file
An issue was discovered in Mattermost Server before 3.7.5. It allows an attacker to specify a full pathname of a log file.
CVE-2016-11074 | HIGH | Affected: ≥ 0, < 3.0.0 | 2022-05-24
CVE-2016-11074 [HIGH] CWE-287 Mattermost Server: Insufficient Password-Reset Link Invalidation
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVE-2018-21258 | HIGH | Affected: ≥ 0, < 5.1.0 | 2022-05-24
CVE-2018-21258 [HIGH] CWE-400 Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command
An issue was discovered in Mattermost Server before 5.1.0. It allows attackers to cause a denial of service via the invite_people slash command.
CVE-2016-11069 | HIGH | Affected: ≥ 0, < 3.2.0 | 2022-05-24
CVE-2016-11069 [HIGH] CWE-799 Mattermost Server does not enforce rate limits on password change attempts
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
CVE-2016-11076 | HIGH | Affected: ≥ 0, < 3.0.0 | 2022-05-24
CVE-2016-11076 [HIGH] CWE-295 Mattermost Server does not check if cookies are used over SSL
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVE-2017-18871 | HIGH | Affected: ≥ 0, < 4.2.2; ≥ 4.3.0-rc1, < 4.3.4; +2 more | 2022-05-24
CVE-2017-18871 [HIGH] CWE-248 Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.
CVE-2017-18894 | HIGH | Affected: ≥ 0, < 4.0.5; ≥ 4.1.0, < 4.1.1; +1 more | 2022-05-24
CVE-2017-18894 [HIGH] CWE-639 Mattermost Server has intermittent Authorization bypass for resource-owners
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Resource-owner authorization can be intermittently bypassed, allowing account takeover.
CVE-2017-18886 | HIGH | Affected: ≥ 0, < 4.1.2; ≥ 4.2.0-rc1, < 4.2.1; +1 more | 2022-05-24
CVE-2017-18886 [HIGH] CWE-732 Mattermost Server does not properly restrict use of slash commands
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
CVE-2017-18917 | HIGH | Affected: ≥ 0, < 3.7.5-0.20170421192444-247cd1e51a8c; ≥ 3.8.0, < 3.8.2 | 2022-05-24
CVE-2017-18917 [HIGH] CWE-328 Mattermost Server uses weak hashing for OAuth, email verification tokens and invitations
An issue was discovered in Mattermost Server before 3.8.2 and 3.7.5. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
CVE-2017-18906 | HIGH | Affected: ≥ 0, < 3.9.2-0.20170714134023-b17fca0d5ee7; ≥ 3.10.0, < 3.10.2 | 2022-05-24
CVE-2017-18906 [HIGH] CWE-613 Mattermost Server vulnerable to user account takeover when Single Sign-On OAuth2 is used
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
CVE-2017-18903 | HIGH | Affected: ≥ 0, < 3.9.2; ≥ 3.10.0-rc1, < 3.10.2 | 2022-05-24
CVE-2017-18903 [HIGH] CWE-352 Mattermost Server vulnerable to CSRF if CORS is enabled
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
CVE-2017-18909 | HIGH | Affected: ≥ 0, < 3.8.1-0.20170504181128-4f074fed0d65 | 2022-05-24
CVE-2017-18909 [HIGH] CWE-311 Mattermost Server SAML implementation does not require encryption or signature verification by default
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.