Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost  >> 7.1.6  Security Vulnerabilities
CVE-2023-5968
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 
CVSS Score
4.9
EPSS Score
0.001
Published
2023-11-06
CVE-2023-5969
Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-11-06
CVE-2023-5160
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-02
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
CVSS Score
3.8
EPSS Score
0.0
Published
2023-09-29
CVE-2023-5193
Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-09-29
CVE-2023-5194
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager
CVSS Score
2.7
EPSS Score
0.0
Published
2023-09-29
CVE-2023-5195
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-29
CVE-2023-5196
Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-09-29
CVE-2023-2785
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
CVE-2023-2792
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved