Mattermost: Security Vulnerabilities
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19