Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mattermost_server
(Mattermost)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 215 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-07-17 | CVE-2023-3591 | Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | Mattermost_server | 8.2 | ||
| 2023-07-17 | CVE-2023-3593 | Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. | Mattermost_server | 6.5 | ||
| 2023-07-17 | CVE-2023-3585 | Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. | Mattermost_server | 4.3 | ||
| 2023-07-17 | CVE-2023-3613 | Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. | Mattermost_server | 3.5 | ||
| 2023-07-17 | CVE-2023-3614 | Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file. | Mattermost_server | 3.3 | ||
| 2022-04-13 | CVE-2022-1337 | The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | Mattermost_server | 6.5 | ||
| 2022-09-09 | CVE-2022-3147 | Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service. | Mattermost_server | 6.5 | ||
| 2023-05-12 | CVE-2023-2515 | Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin | Mattermost_server | 8.8 | ||
| 2023-04-25 | CVE-2023-2281 | When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team. | Mattermost_server | 4.3 | ||
| 2023-04-17 | CVE-2023-1831 | Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config). | Mattermost_server | 7.5 |