Mattermost: >> Mattermost Server >> 5.13.0 Security Vulnerabilities
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-03-10
A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-03-10
Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.
CVSS Score
3.7
EPSS Score
0.002
Published
2021-12-17
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.
CVSS Score
3.5
EPSS Score
0.006
Published
2021-12-17
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19