Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 3.5.2  Security Vulnerabilities
CVE-2017-18913
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18914
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18916
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18919
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18920
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-06-19
CVE-2017-18895
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18896
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18897
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18899
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved