Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 4.3.2  Security Vulnerabilities
CVE-2019-20855
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
CVE-2019-20857
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20858
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20859
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
CVE-2019-20860
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20862
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20863
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2020-14460
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-19
CVE-2020-14447
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2020-14448
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved