Vulnerabilities > Mattermost > Mattermost Server > 7.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-17 | CVE-2023-3613 | Incorrect Authorization vulnerability in Mattermost Server Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. | 3.5 |
| 2023-07-17 | CVE-2023-3614 | Resource Exhaustion vulnerability in Mattermost Server Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file. | 3.3 |
| 2023-05-12 | CVE-2023-2515 | Incorrect Authorization vulnerability in Mattermost Server Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin | 8.8 |
| 2023-04-17 | CVE-2023-1831 | Cleartext Transmission of Sensitive Information vulnerability in Mattermost Server Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled (ExperimentalAuditSettings section in config). | 7.5 |