Mattermost: >> Mattermost Server >> 5.0.3 Security Vulnerabilities
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.
CVSS Score
7.3
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.
CVSS Score
3.7
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19