Mattermost: >> Mattermost Server >> 7.8.7 Security Vulnerabilities
Mattermost fails to to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin
CVSS Score
4.3
EPSS Score
0.001
Published
2023-12-12
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-12-06
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.
CVSS Score
7.1
EPSS Score
0.004
Published
2023-12-06
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-09
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-09
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-09
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-08-25
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
CVSS Score
3.1
EPSS Score
0.003
Published
2023-04-25
Page 3