Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  Security Vulnerabilities
CVE-2023-3591
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-07-17
CVE-2023-2785
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-16
CVE-2023-2792
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-06-16
CVE-2023-2793
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-06-16
CVE-2023-2797
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.
CVSS Score
3.1
EPSS Score
0.006
Published
2023-06-16
CVE-2023-2831
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-16
CVE-2023-2791
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-16
CVE-2023-2783
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.
CVSS Score
4.3
EPSS Score
0.002
Published
2023-06-16
CVE-2023-2784
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.
CVSS Score
4.2
EPSS Score
0.001
Published
2023-06-16
CVE-2023-2786
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved