Vulnerabilities
Vulnerable Software
Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-12-12
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-12-06
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing an attacker to perform a client-side path traversal.
CVSS Score
7.1
EPSS Score
0.004
Published
2023-12-06
Mattermost fails to enforce a limit on the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-09
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-09
Mattermost fails to deduplicate input IDs, allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-09



Shodan ® - All rights reserved