Mattermost: >> Mattermost Server >> 4.10.7 Security Vulnerabilities
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.
CVSS Score
7.2
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
Page 10