Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 4.6.1  Security Vulnerabilities
CVE-2018-21260
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.
CVSS Score
2.7
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21261
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20865
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20866
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20867
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20868
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20869
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20870
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
CVE-2019-20871
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2019-20872
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved