Mattermost: >> Mattermost >> 7.10.0 Security Vulnerabilities
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged
CVSS Score
4.5
EPSS Score
0.001
Published
2023-08-11
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message
CVSS Score
3.1
EPSS Score
0.003
Published
2023-08-11
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-08-11
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-08-11
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-16
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.
CVSS Score
3.1
EPSS Score
0.005
Published
2023-06-16
Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-16
Page 1