Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  >> 4.3.0  Security Vulnerabilities
CVE-2019-20887
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-06-19
CVE-2019-20888
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18875
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.
CVSS Score
4.9
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18876
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-06-19
CVE-2017-18877
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
CVE-2018-21248
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19
CVE-2018-21249
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.
CVSS Score
3.7
EPSS Score
0.002
Published
2020-06-19
CVE-2018-21250
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-06-19
CVE-2018-21251
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
CVE-2018-21253
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved