Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  Security Vulnerabilities
CVE-2023-4108
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged
CVSS Score
4.5
EPSS Score
0.001
Published
2023-08-11
CVE-2023-4105
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message
CVSS Score
3.1
EPSS Score
0.003
Published
2023-08-11
CVE-2023-4106
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-08-11
CVE-2023-4107
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-08-11
CVE-2023-3593
Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3613
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3614
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3615
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-07-17
CVE-2023-3577
Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.
CVSS Score
3.5
EPSS Score
0.002
Published
2023-07-17
CVE-2023-3581
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.
CVSS Score
6.2
EPSS Score
0.001
Published
2023-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved