Mattermost: Security Vulnerabilities
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
CVSS Score: 5.3; EPSS Score: 0.008; Published: 2020-06-19
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVSS Score: 4.3; EPSS Score: 0.007; Published: 2020-06-19
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
CVSS Score: 7.5; EPSS Score: 0.011; Published: 2020-06-19
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVSS Score: 5.5; EPSS Score: 0.003; Published: 2020-06-19
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.
CVSS Score: 6.5; EPSS Score: 0.009; Published: 2020-06-19
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.
CVSS Score: 7.5; EPSS Score: 0.012; Published: 2020-06-19
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
CVSS Score: 9.1; EPSS Score: 0.014; Published: 2020-06-19
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content).
CVSS Score: 7.5; EPSS Score: 0.011; Published: 2020-06-19
An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem.
CVSS Score: 9.8; EPSS Score: 0.022; Published: 2020-06-19
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVSS Score: 7.5; EPSS Score: 0.013; Published: 2020-06-19

