Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 4.3.0  Security Vulnerabilities
CVE-2017-18882
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18883
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-06-19
CVE-2017-18884
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18885
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18886
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-06-19
CVE-2017-18887
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18888
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18889
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18890
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-06-19
CVE-2017-18874
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
CVSS Score
6.5
EPSS Score
0.007
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved