Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mattermost_server
(Mattermost)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 206 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-17 | CVE-2023-3587 | Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. | Mattermost_server | 2.7 | ||
| 2023-07-17 | CVE-2023-3590 | Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. | Mattermost_server | 7.5 | ||
| 2023-07-17 | CVE-2023-3591 | Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | Mattermost_server | 8.2 | ||
| 2023-07-17 | CVE-2023-3593 | Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. | Mattermost_server | 6.5 | ||
| 2023-07-17 | CVE-2023-3585 | Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. | Mattermost_server | 4.3 | ||
| 2023-07-17 | CVE-2023-3613 | Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. | Mattermost_server | 3.5 | ||
| 2023-07-17 | CVE-2023-3614 | Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file. | Mattermost_server | 3.3 | ||
| 2022-04-13 | CVE-2022-1337 | The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | Mattermost_server | 6.5 | ||
| 2022-09-09 | CVE-2022-3147 | Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service. | Mattermost_server | 6.5 | ||
| 2023-05-12 | CVE-2023-2515 | Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin | Mattermost_server | 8.8 |