Mattermost: >> Mattermost >> 7.0.1 Security Vulnerabilities
Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner.
CVSS Score
3.5
EPSS Score
0.002
Published
2023-03-22
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-02-27
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-02-27
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.
CVSS Score
4.3
EPSS Score
0.007
Published
2022-11-23
Page 3