Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 3.10.2  Security Vulnerabilities
CVE-2021-37863
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.
CVSS Score
3.5
EPSS Score
0.006
Published
2021-12-17
CVE-2017-18895
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18896
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18897
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18899
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18900
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-06-19
CVE-2017-18901
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18902
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18878
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved