Mattermost: >> Mattermost Server >> 3.10.2 Security Vulnerabilities
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-06-19