Mattermost: >> Mattermost Server >> 5.3.1 Security Vulnerabilities
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-06-19