Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  Security Vulnerabilities
CVE-2017-18874
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
CVSS Score
6.5
EPSS Score
0.007
Published
2020-06-19
CVE-2017-18872
An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18873
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
CVE-2018-21252
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21256
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21264
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-06-19
CVE-2019-20889
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-06-19
CVE-2019-20890
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21262
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2018-21263
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved