Vulnerabilities > Mattermost > Mattermost Server > 7.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-27 | CVE-2023-27266 | Information Exposure vulnerability in Mattermost Server Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | 2.7 |
2022-09-09 | CVE-2022-3147 | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service. | 6.5 |