Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  Security Vulnerabilities
CVE-2023-5194
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager
CVSS Score
2.7
EPSS Score
0.0
Published
2023-09-29
CVE-2023-5195
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-29
CVE-2023-5196
Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-09-29
CVE-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-08-25
CVE-2023-4108
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged
CVSS Score
4.5
EPSS Score
0.002
Published
2023-08-11
CVE-2023-4105
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message
CVSS Score
3.1
EPSS Score
0.003
Published
2023-08-11
CVE-2023-4106
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-08-11
CVE-2023-4107
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-08-11
CVE-2023-3593
Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3613
Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved