exploitDog
product: "mattermost"
Count: 239
CVE-2024-39361
Source: debian
Published: about 1 year ago
Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= ...
CVSS3: 3.1
EPSS: 0% (Low)
CVE-2024-39353
Sources: nvd, debian
Published: about 1 year ago
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize RemoteClusterFrame payloads before audit logging them, which allows a high-privileged attacker with access to the audit logs to read message contents.
CVSS3: 2.7
EPSS: 0% (Low)
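The fix class for this entry is to never hand the raw frame to the audit logger. The following is an added illustration, not Mattermost's own code: a hypothetical sync-frame type (the struct and field names are assumptions) and an audit-safe projection that keeps identifiers for correlation but replaces message bodies with their length.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Added example, not Mattermost code. The frame shape below is an
// assumption built from the CVE-2024-39353 description.

// syncPost is one post carried in a sync frame (constructed shape).
type syncPost struct {
	ID      string   `json:"id"`
	UserID  string   `json:"user_id"`
	Message string   `json:"message"`
	FileIDs []string `json:"file_ids,omitempty"`
}

// remoteClusterFrame is the payload a remote sends on sync (constructed shape).
type remoteClusterFrame struct {
	RemoteID  string     `json:"remote_id"`
	ChannelID string     `json:"channel_id"`
	Posts     []syncPost `json:"posts"`
}

// auditView returns a copy of the frame that is safe to write to the audit
// log: identifiers are kept so events can still be correlated, message
// bodies are replaced by a placeholder that records only their length.
func auditView(f remoteClusterFrame) remoteClusterFrame {
	out := remoteClusterFrame{
		RemoteID:  f.RemoteID,
		ChannelID: f.ChannelID,
		Posts:     make([]syncPost, len(f.Posts)),
	}
	for i, p := range f.Posts {
		out.Posts[i] = syncPost{
			ID:      p.ID,
			UserID:  p.UserID,
			Message: fmt.Sprintf("[redacted %d bytes]", len(p.Message)),
			FileIDs: p.FileIDs,
		}
	}
	return out
}

// auditLine renders one audit-log line. It only ever serialises the
// redacted projection, so a caller cannot accidentally log the raw frame.
func auditLine(event string, f remoteClusterFrame) string {
	b, err := json.Marshal(auditView(f))
	if err != nil {
		// A marshalling failure must not fall back to logging the raw frame.
		return fmt.Sprintf("event=%s frame=[unserialisable: %v]", event, err)
	}
	return fmt.Sprintf("event=%s frame=%s", event, b)
}

func main() {
	// Constructed sample frame.
	f := remoteClusterFrame{
		RemoteID:  "remote-a",
		ChannelID: "chan-1",
		Posts:     []syncPost{{ID: "post-1", UserID: "user-1", Message: "secret plan"}},
	}
	fmt.Println(auditLine("shared_channel_sync", f))
}
```

The design point is that the logger's input type is the redacted projection, so the safe path is the only path; a reviewer checking the audit code never has to ask whether a particular call site remembered to strip the body.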
CVE-2024-39274
Sources: nvd, debian
Published: about 1 year ago
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel referenced by a sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels.
CVSS3: 8.7
EPSS: 0% (Low)
CVE-2024-36492
Sources: nvd, debian
Published: about 1 year ago
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels, which allows a malicious remote to overwrite an existing local user.
CVSS3: 7.4
EPSS: 0% (Low)
CVE-2024-36257
Sources: nvd, debian
Published: about 1 year ago
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A asking server B to update a user's profile picture is the remote that actually has that user as a local one. This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to server A.
CVSS3: 2.7
EPSS: 0% (Low)
CVE-2024-32939
Sources: nvd, debian
Published: 12 months ago
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible on the local server.
CVSS3: 4.3
EPSS: 0% (Low)
CVE-2024-29977
Sources: nvd, debian
Published: about 1 year ago
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts.
CVSS3: 2.7
EPSS: 0% (Low)
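CVE-2024-39274, CVE-2024-36492, CVE-2024-36257, CVE-2024-29977 and CVE-2024-32939 above are all the same failure mode: data arriving from a remote in a shared-channel sync is trusted for a decision that only local state can make. The following is an added illustration, not Mattermost's own code: a hypothetical model of the local server's state and one sync-message handler that performs the checks each entry describes as missing. All types, field names, the "remote_email" prop and the sample data are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Added example, not Mattermost code; every type below is an assumption.

type user struct {
	ID       string
	Email    string
	RemoteID string            // "" for a local user, otherwise the owning remote
	Props    map[string]string // may hold "remote_email" for synced users
}

type channel struct {
	ID        string
	Shared    bool
	RemoteIDs map[string]bool // remotes this channel is shared with
}

type reaction struct {
	UserID, PostID, Emoji string
}

// syncMsg is what a remote sends. RemoteID is the authenticated sender,
// never a value read from the payload.
type syncMsg struct {
	RemoteID  string
	ChannelID string
	Users     []user
	Reactions []reaction
}

type server struct {
	users     map[string]*user
	channels  map[string]*channel
	posts     map[string]string // post ID -> channel ID
	reactions []reaction
	showEmail bool // the local "show email address" setting
}

var (
	errNotShared   = errors.New("channel is not shared with the sending remote")
	errLocalUser   = errors.New("remote may not modify a local user")
	errWrongOwner  = errors.New("user is owned by a different remote")
	errForeignPost = errors.New("post is not in the synced channel")
)

// handleSync validates the whole message first and only then applies it,
// so a message that is partly bad leaves no partial state behind.
func (s *server) handleSync(m syncMsg) error {
	ch, ok := s.channels[m.ChannelID]
	if !ok || !ch.Shared || !ch.RemoteIDs[m.RemoteID] {
		return errNotShared // CVE-2024-39274 class: channel must really be shared with the sender
	}
	for _, u := range m.Users {
		if existing, ok := s.users[u.ID]; ok {
			if existing.RemoteID == "" {
				return errLocalUser // CVE-2024-36492 class
			}
			if existing.RemoteID != m.RemoteID {
				return errWrongOwner // CVE-2024-36257 class: only the owning remote may update
			}
		}
	}
	for _, r := range m.Reactions {
		if s.posts[r.PostID] != m.ChannelID {
			return errForeignPost // CVE-2024-29977 class: target must be a post in this channel
		}
		if ru, ok := s.users[r.UserID]; !ok || ru.RemoteID != m.RemoteID {
			return errWrongOwner // and the reacting user must be one the sender owns
		}
	}
	for _, u := range m.Users {
		uc := u
		uc.RemoteID = m.RemoteID // ownership comes from the authenticated sender, not the payload
		s.users[uc.ID] = &uc
	}
	s.reactions = append(s.reactions, m.Reactions...)
	return nil
}

// publicUser is the view handed to local API clients. When emails are
// hidden, a remote user's original address kept in props is redacted as
// well as the Email field (CVE-2024-32939 class). The stored user is not modified.
func (s *server) publicUser(id string) (user, bool) {
	u, ok := s.users[id]
	if !ok {
		return user{}, false
	}
	out := *u
	out.Props = make(map[string]string, len(u.Props))
	for k, v := range u.Props {
		out.Props[k] = v
	}
	if !s.showEmail {
		out.Email = ""
		delete(out.Props, "remote_email")
	}
	return out, true
}

// sampleServer builds constructed state: one local user, one user owned by
// remote-a, one channel shared with remote-a and remote-b, one private channel.
func sampleServer() *server {
	return &server{
		users: map[string]*user{
			"alice": {ID: "alice", Email: "alice@local.example"},
			"bob":   {ID: "bob", Email: "bob@a.example", RemoteID: "remote-a", Props: map[string]string{"remote_email": "bob@a.example"}},
		},
		channels: map[string]*channel{
			"shared":  {ID: "shared", Shared: true, RemoteIDs: map[string]bool{"remote-a": true, "remote-b": true}},
			"private": {ID: "private"},
		},
		posts: map[string]string{"p1": "shared", "p2": "private"},
	}
}

func main() {
	s := sampleServer()
	err := s.handleSync(syncMsg{RemoteID: "remote-a", ChannelID: "shared", Users: []user{{ID: "alice"}}})
	fmt.Println("remote tries to overwrite local user:", err)
}
```

Two choices in the handler carry most of the value: the owning remote of any user written by a sync is set from the authenticated sender rather than copied from the payload, and validation of the whole message completes before any write, so a rejected message cannot add a user and then fail on a reaction.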
CVE-2024-10214
Sources: nvd, debian
Published: 9 months ago
Mattermost versions 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 incorrectly issue two sessions when using desktop SSO: one in the browser and one in the desktop app, with incorrect settings.
CVSS3: 3.5
EPSS: 0% (Low)
CVE-2023-7114
Sources: nvd, debian
Published: more than 1 year ago
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
CVSS3: 7.1
EPSS: 0% (Low)
CVE-2023-6202
Sources: nvd, debian
Published: more than 1 year ago
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint, allowing an attacker who is a guest user and knows the ID of another user to get that user's information (e.g. name, surname, nickname) via Mattermost Boards.
CVSS3: 4.3
EPSS: 0% (Low)
CVE-2023-5969
Source: nvd
Published: more than 1 year ago
Mattermost fails to properly sanitize requests to /api/v4/redirect_location, allowing an attacker who sends a specially crafted request to that endpoint to fill up memory, because large items are cached.
CVSS3: 5.3
EPSS: 0% (Low)
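The hardening a practitioner wants for the class described in CVE-2023-5969 is a cache that refuses oversized items and bounds its total footprint, rather than one that grows with whatever the request carries. The following is an added illustration, not Mattermost's own code: a size-bounded LRU cache and a hypothetical redirect lookup wrapper around it. The limits, the function names and the stub resolver are assumptions for the example.

```go
package main

import (
	"container/list"
	"errors"
	"fmt"
	"sync"
)

// Added example, not Mattermost code; limits and names are illustrative.

type entry struct {
	key, val string
}

type boundedCache struct {
	mu       sync.Mutex
	maxEntry int // largest key+value accepted, in bytes
	maxTotal int // cap on the sum of stored key+value sizes
	total    int
	order    *list.List // front = most recently used
	items    map[string]*list.Element
}

var errTooLarge = errors.New("item exceeds per-entry cache limit")

func newBoundedCache(maxEntry, maxTotal int) *boundedCache {
	return &boundedCache{
		maxEntry: maxEntry,
		maxTotal: maxTotal,
		order:    list.New(),
		items:    make(map[string]*list.Element),
	}
}

// Put stores val under key. Oversized items are refused outright rather
// than evicting everything else to make room, and the total size is kept
// under maxTotal by dropping least recently used entries.
func (c *boundedCache) Put(key, val string) error {
	size := len(key) + len(val)
	if size > c.maxEntry {
		return errTooLarge
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if el, ok := c.items[key]; ok {
		c.remove(el) // replace, so the old size is not double counted
	}
	for c.total+size > c.maxTotal && c.order.Len() > 0 {
		c.remove(c.order.Back())
	}
	c.items[key] = c.order.PushFront(&entry{key: key, val: val})
	c.total += size
	return nil
}

// Get returns the cached value and marks it most recently used.
func (c *boundedCache) Get(key string) (string, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	el, ok := c.items[key]
	if !ok {
		return "", false
	}
	c.order.MoveToFront(el)
	return el.Value.(*entry).val, true
}

// remove must be called with c.mu held.
func (c *boundedCache) remove(el *list.Element) {
	e := el.Value.(*entry)
	c.order.Remove(el)
	delete(c.items, e.key)
	c.total -= len(e.key) + len(e.val)
}

func (c *boundedCache) Len() int   { c.mu.Lock(); defer c.mu.Unlock(); return c.order.Len() }
func (c *boundedCache) Bytes() int { c.mu.Lock(); defer c.mu.Unlock(); return c.total }

// redirectLocation resolves and caches the redirect target for rawURL.
// Request URLs above the per-entry limit are refused before any lookup;
// a resolved target too large to cache is still served, just not stored.
// resolve stands in for the caller's network lookup.
func redirectLocation(c *boundedCache, rawURL string, resolve func(string) string) (string, error) {
	if len(rawURL) > c.maxEntry {
		return "", errTooLarge
	}
	if v, ok := c.Get(rawURL); ok {
		return v, nil
	}
	loc := resolve(rawURL)
	if err := c.Put(rawURL, loc); err != nil {
		return loc, err
	}
	return loc, nil
}

func main() {
	c := newBoundedCache(64, 256)
	loc, err := redirectLocation(c, "https://short.example/abc", func(string) string { return "https://long.example/page" })
	fmt.Println(loc, err, c.Len(), c.Bytes())
}
```

Both limits matter: a per-entry cap alone still lets an attacker fill memory with many medium-sized items, and a total cap alone lets a single huge item evict every useful entry.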
