Vulnerabilities
Vulnerable Software
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2020-06-19
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2020-06-19
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2020-06-19
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2020-06-19
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2020-06-19
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2020-06-19
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2020-06-19
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-06-19

