Mattermost: >> Mattermost Server >> 9.1.0 Security Vulnerabilities
Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled.
CVSS Score
4.3
EPSS Score
0.006
Published
2023-12-12
Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog.
CVSS Score
4.3
EPSS Score
0.006
Published
2023-12-12
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.
CVSS Score
7.1
EPSS Score
0.006
Published
2023-12-06
Page 2