Vulnerabilities > Mattermost > Mattermost Server > 3.7.4

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2020-06-19 | CVE-2017-18906 | Improper Authentication vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. | 4.9 |
| 2020-06-19 | CVE-2017-18905 | Insufficient Session Expiration vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | 5.0 |
| 2020-06-19 | CVE-2017-18912 | Path Traversal vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 7.5 |
| 2020-06-19 | CVE-2017-18911 | Improper Certificate Validation vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 6.4 |
| 2020-06-19 | CVE-2017-18910 | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 4.0 |
| 2020-06-19 | CVE-2017-18909 | Improper Certificate Validation vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. | 4.3 |
| 2020-06-19 | CVE-2017-18904 | Cross-site Scripting vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 4.3 |
| 2020-06-19 | CVE-2017-18903 | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 5.1 |
| 2020-06-19 | CVE-2017-18902 | Information Exposure vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 5.0 |
| 2020-06-19 | CVE-2017-18901 | Information Exposure vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 5.0 |