Vulnerabilities > Mattermost > Mattermost Server > 8.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-09 | CVE-2023-5330 | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable. | 7.5 |
| 2023-10-09 | CVE-2023-5331 | Missing Authorization vulnerability in Mattermost Server Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | 5.3 |
| 2023-10-09 | CVE-2023-5333 | Unspecified vulnerability in Mattermost Server Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. | 6.5 |
| 2023-08-25 | CVE-2023-4478 | Injection vulnerability in Mattermost Server Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | 8.2 |