| CVE-2017-18917 | unknown | — | — | | | | 4y ago | Mattermost Server uses weak hashing for OAuth, email verification tokens and invitations in github.com/mattermost/mattermost-server |
| CVE-2017-18915 | unknown | — | — | | | | 4y ago | Mattermost Server server restarts may provide attackers with API access in github.com/mattermost/mattermost-server |
| CVE-2017-18918 | unknown | — | — | | | | 4y ago | Mattermost Server does not restrict SAML certificate path for System Administrators in github.com/mattermost/mattermost-server |
| CVE-2017-18903 | unknown | — | — | | | | 4y ago | Mattermost Server vulnerable to CSRF if CORS is enabled in github.com/mattermost/mattermost-server |
| CVE-2017-18908 | unknown | — | — | | | | 4y ago | Mattermost Server password reset email requests can be sent to attacker-provided email addresses in github.com/mattermost/mattermost-server |
| CVE-2017-18907 | unknown | — | — | | | | 4y ago | Mattermost Server vulnerable to XSS through channel headers in github.com/mattermost/mattermost-server |
| CVE-2017-18909 | unknown | — | — | | | | 4y ago | Mattermost Server SAML implementation does not require encryption or signature verification as default in github.com/mattermost/mattermost-server |
| CVE-2017-18906 | unknown | — | — | | | | 4y ago | Mattermost Server vulnerable to user account takeover when Single Sign-On OAuth2 is used in github.com/mattermost/mattermost-server |
| CVE-2017-18905 | unknown | — | — | | | | 4y ago | Mattermost Server has Insufficient Session Expiration when used as an OAuth 2.0 service provider in github.com/mattermost/mattermost-server |
| CVE-2017-18904 | unknown | — | — | | | | 4y ago | Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server |
| CVE-2017-18902 | unknown | — | — | | | | 4y ago | Mattermost Server exposes team invite IDs through API endpoints in github.com/mattermost/mattermost-server |
| CVE-2017-18900 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to CSV Injection in github.com/mattermost/mattermost-server |
| CVE-2017-18901 | unknown | — | — | | | | 4y ago | CVE-2017-18901 in github.com/mattermost/mattermost-server |
| CVE-2017-18891 | unknown | — | — | | | | 4y ago | Mattermost Server does not safeguard against phishing via error page links in github.com/mattermost/mattermost-server |
| CVE-2017-18892 | unknown | — | — | | | | 4y ago | Mattermost Server does not neutralize HTML content in an Email template field in github.com/mattermost/mattermost-server |
| CVE-2017-18897 | unknown | — | — | | | | 4y ago | Mattermost Server mishandles redirect denial action in github.com/mattermost/mattermost-server |
| CVE-2017-18896 | unknown | — | — | | | | 4y ago | Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint in github.com/mattermost/mattermost-server |
| CVE-2017-18894 | unknown | — | — | | | | 4y ago | Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server |
| CVE-2017-18898 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to DoS through maliciously crafted posts in github.com/mattermost/mattermost-server |
| CVE-2017-18895 | unknown | — | — | | | | 4y ago | Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server |
| CVE-2017-18893 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to XSS through display name field in github.com/mattermost/mattermost-server |
| CVE-2017-18890 | unknown | — | — | | | | 4y ago | Mattermost Server allows attackers to create buttons that can launch API requests in github.com/mattermost/mattermost-server |
| CVE-2017-18888 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests in github.com/mattermost/mattermost-server |
| CVE-2017-18889 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to webhook and slash command manipulation in github.com/mattermost/mattermost-server |
| CVE-2017-18885 | unknown | — | — | | | | 4y ago | Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server |
| CVE-2017-18886 | unknown | — | — | | | | 4y ago | Mattermost Server does not properly restrict use of slash commands in github.com/mattermost/mattermost-server |
| CVE-2017-18884 | unknown | — | — | | | | 4y ago | Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server |
| CVE-2017-18883 | unknown | — | — | | | | 4y ago | Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider in github.com/mattermost/mattermost-server |
| CVE-2017-18873 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server |
| CVE-2017-18887 | unknown | — | — | | | | 4y ago | Mattermost Server exposes team creator's e-mail address to other members in github.com/mattermost/mattermost-server |
| CVE-2017-18879 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to XSS through author_link field in Slack attachments in github.com/mattermost/mattermost-server |
| CVE-2017-18877 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page in github.com/mattermost/mattermost-server |
| CVE-2017-18876 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server |
| CVE-2017-18878 | unknown | — | — | | | | 4y ago | Mattermost Server allows users with a session ID to revoke another user's session in github.com/mattermost/mattermost-server |
| CVE-2017-18875 | unknown | — | — | | | | 4y ago | Mattermost Server does not prevent System Admin from arbitrary file creation in github.com/mattermost/mattermost-server |
| CVE-2017-18872 | unknown | — | — | | | | 4y ago | Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization in github.com/mattermost/mattermost-server |
| CVE-2017-18874 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to Directory Traversal by System Admins in github.com/mattermost/mattermost-server |
| CVE-2016-11084 | unknown | — | — | | | | 4y ago | Mattermost Server allows XSS via CSRF in github.com/mattermost/mattermost-server |
| CVE-2017-18871 | unknown | — | — | | | | 4y ago | Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server |
| CVE-2016-11081 | unknown | — | — | | | | 4y ago | Mattermost Server exposes information stored by a web browser in github.com/mattermost/mattermost-server |
| CVE-2016-11077 | unknown | — | — | | | | 4y ago | Mattermost Server allows System Admin to modify LDAP account names and email addresses in github.com/mattermost/mattermost-server |
| CVE-2016-11079 | unknown | — | — | | | | 4y ago | Mattermost Server allows XSS via redirect URL in github.com/mattermost/mattermost-server |
| CVE-2016-11083 | unknown | — | — | | | | 4y ago | Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution in github.com/mattermost/mattermost-server |
| CVE-2016-11080 | unknown | — | — | | | | 4y ago | Mattermost Server exposes account details to any Team Administrator in github.com/mattermost/mattermost-server |
| CVE-2016-11082 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to XSS through crafted links in github.com/mattermost/mattermost-server |
| CVE-2016-11066 | unknown | — | — | | | | 4y ago | Mattermost Server: initial_load API exposes unnecessary information in github.com/mattermost/mattermost-server |
| CVE-2016-11067 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to Uncontrolled Resource Consumption in github.com/mattermost/mattermost-server |
| CVE-2016-11076 | unknown | — | — | | | | 4y ago | Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server |
| CVE-2016-11068 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to Code Injection through its LDAP fields in github.com/mattermost/mattermost-server |
| CVE-2016-11070 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to XSS through customizable theme color-code values in github.com/mattermost/mattermost-server |
| CVE-2016-11069 | unknown | — | — | | | | 4y ago | Mattermost Server does not enforce rate limits on password change attempts in github.com/mattermost/mattermost-server |
| CVE-2016-11075 | unknown | — | — | | | | 4y ago | Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server |
| CVE-2016-11072 | unknown | — | — | | | | 4y ago | Mattermost Server's Session ID and Session Token are potentially compromised in github.com/mattermost/mattermost-server |
| CVE-2016-11073 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to XSS via a Legal or Support setting in github.com/mattermost/mattermost-server |
| CVE-2016-11078 | unknown | — | — | | | | 4y ago | Mattermost Server exposes sensitive information via its System Console UI in github.com/mattermost/mattermost-server |
| CVE-2016-11071 | unknown | — | — | | | | 4y ago | Mattermost Server is vulnerable to XSS through lack of link relationship attributes `noreferrer` and `noopener` in github.com/mattermost/mattermost-server |
| CVE-2016-11074 | unknown | — | — | | | | 4y ago | Mattermost Server: Insufficient Password-Reset Link Invalidation in github.com/mattermost/mattermost-server |
| CVE-2016-11063 | unknown | — | — | | | | 4y ago | Mattermost Server vulnerable to Cross-site Scripting through file preview feature in github.com/mattermost/mattermost-server |
| CVE-2022-1385 | unknown | — | — | | | | 4y ago | Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server |
| CVE-2022-1384 | unknown | — | — | | | | 4y ago | Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server |
| CVE-2022-1337 | unknown | — | — | | | | 4y ago | Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server |
| CVE-2022-1332 | unknown | — | — | | | | 4y ago | Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server |