Product: Mattermost_server (Mattermost)

Repositories: Unknown. This might be proprietary software.
#Vulnerabilities 215
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-19 | CVE-2017-18915 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18914 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18910 | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18909 | An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18908 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18905 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18904 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18903 | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18902 | An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. | Mattermost_server | N/A | | |
| 2020-06-19 | CVE-2017-18893 | An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. | Mattermost_server | N/A | | |