Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  Security Vulnerabilities
CVE-2023-3582
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, 
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3584
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3585
Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3586
Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.
CVSS Score
4.2
EPSS Score
0.002
Published
2023-07-17
CVE-2023-3587
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
CVSS Score
2.7
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3590
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.
CVSS Score
3.1
EPSS Score
0.003
Published
2023-07-17
CVE-2023-3591
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-07-17
CVE-2023-2785
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
CVE-2023-2792
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16
CVE-2023-2793
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved