Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 4.10.7  Security Vulnerabilities
CVE-2019-20870
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20871
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20872
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-19
CVE-2019-20873
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-06-19
CVE-2019-20874
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
CVE-2019-20854
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-06-19
CVE-2019-20855
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
CVE-2019-20857
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20858
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20859
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved