Mattermost Server vulnerabilities

389 known vulnerabilities affecting mattermost/mattermost_server.

Total CVEs: 389
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: Critical 15, High 74, Medium 266, Low 34

Vulnerabilities (page 20 of 20)

Each entry lists: CVE ID | severity | CVSS score | CWE (where assigned) | affected or fixed versions | date. The description and the source follow on the next lines.
CVE-2019-20883 | MEDIUM | CVSS 4.3 | fixed in 5.8.0 | 2020-06-19
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.
Source: NVD
CVE-2017-18918 | MEDIUM | CVSS 4.9 | CWE-295 | affected ≥ 3.6.0, < 3.6.5; ≥ 3.7.0, < 3.7.3 | 2020-06-19
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
Source: NVD
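The practitioner's check for a bug of this shape (an administrator-controlled file name used as a pathname) is to confine the resolved path to the directory reserved for that material. The Go function below is an added illustration written for this page, not Mattermost's own code or its actual fix; the base directory, function name and error value are assumptions, and it uses Unix path semantics without resolving symlinks.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when the requested name would resolve to a
// location outside the directory reserved for SAML material.
var ErrOutsideBase = errors.New("certificate path escapes the SAML directory")

// ResolveCertPath confines an administrator-supplied certificate file name
// to baseDir. The name must be relative, must not be empty or ".", and must
// not climb out of baseDir via ".." once cleaned. On success the absolute
// path inside baseDir is returned. Hypothetical helper written for this page
// (Unix path semantics; symlinks inside baseDir are not resolved here).
func ResolveCertPath(baseDir, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", ErrOutsideBase
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, name) // Join cleans, so "sub/../x" collapses
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", ErrOutsideBase
	}
	// After cleaning, anything that still starts with ".." left the base dir;
	// "." means the caller asked for the directory itself, which is not a file.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

func main() {
	base := "/etc/mattermost/saml" // constructed example directory
	for _, name := range []string{"idp.crt", "sub/../idp.crt", "../../shadow", "/etc/passwd", "."} {
		p, err := ResolveCertPath(base, name)
		fmt.Printf("%-18q -> %q, %v\n", name, p, err)
	}
}
```

Note that the check runs on the cleaned, joined path rather than on the raw string, so "sub/../idp.crt" is accepted (it stays inside the directory) while "../../shadow" is rejected even though neither contains the literal prefix the base directory has.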
CVE-2019-20847 | MEDIUM | CVSS 5.3 | fixed in 5.18.0 | 2020-06-19
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
Source: NVD
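The general defence for a client-originated event that names a target channel is a server-side authorization step: take the sender's identity from the authenticated session, not from the payload, and confirm membership in the target channel before fanning the event out. The Go snippet below is an added example for this page, not Mattermost's code or its fix; the TypingEvent fields, the Membership type and the error values are assumptions, and the membership data is constructed inline.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// TypingEvent is the server-side view of a client's user_typing message.
// Field names are assumed for this example, not the project's wire format.
type TypingEvent struct {
	UserID    string
	ChannelID string
}

// Membership maps channel ID -> set of member user IDs. An in-memory
// stand-in for a membership store, constructed for the example.
type Membership map[string]map[string]bool

var (
	ErrSpoofedSender = errors.New("event user_id does not match the session user")
	ErrNotMember     = errors.New("session user is not a member of the channel")
)

// AuthorizeTyping decides whether a user_typing event received on an
// authenticated session may be fanned out. The session's user ID, not the
// payload, is the source of truth, and that user must belong to the target
// channel. On success it returns the sorted list of recipients (the other
// channel members). An unknown channel has no members and is rejected.
func AuthorizeTyping(m Membership, sessionUserID string, ev TypingEvent) ([]string, error) {
	if ev.UserID != sessionUserID {
		return nil, ErrSpoofedSender
	}
	members := m[ev.ChannelID] // nil map for an unknown channel; lookups return false
	if !members[sessionUserID] {
		return nil, ErrNotMember
	}
	recipients := make([]string, 0, len(members))
	for uid := range members {
		if uid != sessionUserID {
			recipients = append(recipients, uid)
		}
	}
	sort.Strings(recipients)
	return recipients, nil
}

func main() {
	// Constructed membership: alice and bob share chan-a; carol is alone in chan-b.
	m := Membership{
		"chan-a": {"alice": true, "bob": true},
		"chan-b": {"carol": true},
	}
	cases := []struct {
		session string
		ev      TypingEvent
	}{
		{"alice", TypingEvent{UserID: "alice", ChannelID: "chan-a"}}, // allowed, reaches bob
		{"alice", TypingEvent{UserID: "alice", ChannelID: "chan-b"}}, // not a member
		{"alice", TypingEvent{UserID: "bob", ChannelID: "chan-a"}},   // spoofed sender
		{"alice", TypingEvent{UserID: "alice", ChannelID: "chan-z"}}, // unknown channel
	}
	for _, c := range cases {
		r, err := AuthorizeTyping(m, c.session, c.ev)
		fmt.Printf("session=%s event=%+v -> recipients=%v err=%v\n", c.session, c.ev, r, err)
	}
}
```

The two rejections are deliberately distinct: a mismatched user_id is a spoofing attempt worth logging separately from a plain membership failure, and neither case leaks whether the channel exists.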
CVE-2018-21261 | MEDIUM | CVSS 4.3 | CWE-732 | affected ≥ 4.6.0, < 4.6.3; ≥ 4.7.0, < 4.7.4; +1 more | 2020-06-19
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges.
Source: NVD
CVE-2017-18913 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.6.7; affected ≥ 3.7.0, < 3.7.5; +1 more | 2020-06-19
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
Source: NVD
CVE-2017-18880 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 4.1.2; affected ≥ 4.2.0, < 4.2.1; +1 more | 2020-06-19
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.
Source: NVD
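Both link-based XSS entries above (the error-page link and the title_link of a Slack attachment) belong to the same class: a URL taken from untrusted input is emitted as an href, so a javascript: or data: scheme executes in the viewer's browser. The usual check is a scheme allowlist applied before the value is rendered, plus entity-escaping of whatever ends up in the HTML. The Go code below is an added example for this page, not Mattermost's own rendering code or fix; the allowlist, function names and output markup are assumptions.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"strings"
)

// allowedLinkSchemes is the allowlist applied to attachment link fields such
// as title_link before they become an href. Assumed policy for this example.
var allowedLinkSchemes = map[string]bool{"http": true, "https": true, "mailto": true}

// SanitizeLink returns the link when it parses as an absolute URL with an
// allowed scheme, and "" otherwise. Scheme-relative ("//host/...") and
// relative links are rejected too, since an attachment link is expected to
// be absolute. net/url lowercases the scheme, rejects control bytes, and does
// not recognise a scheme containing other invalid characters, so variants
// such as "JavaScript:" or "java\tscript:" end up rejected as well.
func SanitizeLink(raw string) string {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || !allowedLinkSchemes[u.Scheme] {
		return ""
	}
	return u.String()
}

// RenderAttachmentTitle produces the HTML for an attachment title. Both the
// title and the (already scheme-checked) href are entity-escaped; when the
// link is rejected the title is rendered as plain text rather than dropped,
// so a bad link degrades the message instead of discarding it.
func RenderAttachmentTitle(title, link string) string {
	safe := SanitizeLink(link)
	if safe == "" {
		return html.EscapeString(title)
	}
	return fmt.Sprintf(`<a href="%s">%s</a>`, html.EscapeString(safe), html.EscapeString(title))
}

func main() {
	// Constructed inputs: one benign link, then the payload shapes an attacker
	// would place in title_link.
	links := []string{
		"https://example.com/doc",
		"javascript:alert(1)",
		" JavaScript:alert(1)",
		"data:text/html,<script>alert(1)</script>",
		"//evil.example/x",
	}
	for _, l := range links {
		fmt.Printf("%-45q -> %s\n", l, RenderAttachmentTitle("Report <b>", l))
	}
}
```

The allowlist is the important half: escaping alone would neutralise a title containing markup but would happily emit `href="javascript:..."`, which is exactly the path a link field opens.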
CVE-2018-21249 | LOW | CVSS 3.7 | fixed in 5.3.0 | 2020-06-19
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.
Source: NVD
CVE-2016-11077 | LOW | CVSS 2.7 | CWE-732 | fixed in 3.0.0 | 2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
Source: NVD
CVE-2018-21260 | LOW | CVSS 2.7 | CWE-200 | affected ≥ 4.6.0, < 4.6.3; ≥ 4.7.0, < 4.7.4; +1 more | 2020-06-19
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.
Source: NVD