Product:

Mattermost_server

(Mattermost)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 215
Date Id Summary Products Score Patch Annotated
2020-06-19 CVE-2017-18919 An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. Mattermost_server N/A
2020-06-19 CVE-2017-18916 An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. Mattermost_server N/A
2020-06-19 CVE-2017-18915 An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. Mattermost_server N/A
2020-06-19 CVE-2017-18914 An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. Mattermost_server N/A
2020-06-19 CVE-2017-18910 An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. Mattermost_server N/A
2020-06-19 CVE-2017-18909 An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. Mattermost_server N/A
2020-06-19 CVE-2017-18908 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. Mattermost_server N/A
2020-06-19 CVE-2017-18905 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. Mattermost_server N/A
2020-06-19 CVE-2017-18904 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. Mattermost_server N/A
2020-06-19 CVE-2017-18903 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. Mattermost_server N/A