Mattermost: >> Mattermost Server >> 6.1.2 Security Vulnerabilities
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
CVSS Score
4.7
EPSS Score
0.006
Published
2022-04-19
Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.
CVSS Score
3.7
EPSS Score
0.008
Published
2022-04-19
A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.
CVSS Score
5.3
EPSS Score
0.008
Published
2022-03-10
A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.
CVSS Score
4.3
EPSS Score
0.009
Published
2022-03-10
Page 6