Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 5.10.0  Security Vulnerabilities
CVE-2019-20867
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20869
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20854
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-06-19
CVE-2019-20857
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20858
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20862
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20863
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2020-14447
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2020-14448
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2020-14450
An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved