Note:
This project will be discontinued after December 13, 2021.
Product: Mattermost_server (Mattermost)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 238 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-07-17 | CVE-2023-3577 | Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. | Mattermost_server | 4.3 | ||
2023-07-17 | CVE-2023-3581 | Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs. | Mattermost_server | 8.1 | ||
2023-07-17 | CVE-2023-3582 | Mattermost fails to verify channel membership when linking a board to a channel, allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to. | Mattermost_server | 4.3 | ||
2023-07-17 | CVE-2023-3584 | Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme. | Mattermost_server | 3.1 | ||
2023-07-17 | CVE-2023-3585 | Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. | Mattermost_server | 4.3 | ||
2023-07-17 | CVE-2023-3586 | Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, so previously shared public Boards remain accessible. | Mattermost_server | 5.4 | ||
2023-07-17 | CVE-2023-3587 | Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state so that any user with a valid sharing link can join the board with editor access, without the UI showing the updated permissions. | Mattermost_server | 2.7 | ||
2023-07-17 | CVE-2023-3593 | Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. | Mattermost_server | 6.5 | ||
2023-07-17 | CVE-2023-3590 | Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. | Mattermost_server | 7.5 | ||
2023-07-17 | CVE-2023-3591 | Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | Mattermost_server | 8.2 | ||