Mattermost: >> Mattermost Server >> 3.0.2 Security Vulnerabilities
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-06-19