Mattermost: >> Mattermost Server >> 7.8.7 Security Vulnerabilities
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
CVSS Score
4.3
EPSS Score
0.005
Published
2023-10-09
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.
CVSS Score
4.3
EPSS Score
0.004
Published
2023-08-25
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.
CVSS Score
3.1
EPSS Score
0.005
Published
2023-04-25
Page 4