Filtered by vendor Mattermost Subscriptions
Filtered by product Mattermost Server Subscriptions
Total 227 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-18917 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 High
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.
CVE-2017-18916 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
CVE-2017-18915 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
CVE-2017-18914 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
CVE-2017-18913 1 Mattermost 1 Mattermost Server 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
CVE-2017-18912 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.
CVE-2017-18911 1 Mattermost 1 Mattermost Server 2024-11-21 9.1 Critical
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
CVE-2017-18910 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
CVE-2017-18909 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 High
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.
CVE-2017-18908 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.
CVE-2017-18907 1 Mattermost 1 Mattermost Server 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
CVE-2017-18906 1 Mattermost 1 Mattermost Server 2024-11-21 8.1 High
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
CVE-2017-18905 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
CVE-2017-18904 1 Mattermost 1 Mattermost Server 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.
CVE-2017-18903 1 Mattermost 1 Mattermost Server 2024-11-21 8.8 High
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
CVE-2017-18902 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
CVE-2017-18901 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
CVE-2017-18900 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
CVE-2017-18899 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
CVE-2017-18898 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.