Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 5.10.0  Security Vulnerabilities
CVE-2020-14452
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-06-19
CVE-2020-14453
An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2020-14457
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2020-14458
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
CVE-2020-14459
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20845
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20846
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20847
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved