Mattermost: Security Vulnerabilities
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-06-19
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
CVSS Score
9.8
EPSS Score
0.014
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.
CVSS Score
5.5
EPSS Score
0.009
Published
2020-06-19
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
CVSS Score
8.8
EPSS Score
0.017
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-06-19
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-06-19