Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  Security Vulnerabilities
CVE-2023-5876
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
CVSS Score
3.1
EPSS Score
0.001
Published
2023-11-02
CVE-2023-5920
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
CVSS Score
2.9
EPSS Score
0.001
Published
2023-11-02
CVE-2023-5339
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 
CVSS Score
4.7
EPSS Score
0.001
Published
2023-10-17
CVE-2023-5522
Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. 
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-17
CVE-2023-5330
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-09
CVE-2023-5331
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-09
CVE-2023-5333
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-09
CVE-2023-5160
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
CVSS Score
4.3
EPSS Score
0.002
Published
2023-10-02
CVE-2023-5159
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
CVSS Score
3.8
EPSS Score
0.0
Published
2023-09-29
CVE-2023-5193
Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-09-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved