Mattermost: Security Vulnerabilities
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
CVSS Score
2.7
EPSS Score
0.002
Published
2020-06-19