Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 5.0.1  Security Vulnerabilities
CVE-2018-21253
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21254
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21255
An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21257
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21258
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-06-19
CVE-2019-20866
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20867
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20870
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20854
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-06-19
CVE-2019-20855
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved