Vulnerabilities > Mattermost > Mattermost Server > 9.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-29 | CVE-2024-23493 | Missing Authorization vulnerability in Mattermost Server Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. | 6.5 |
| 2024-02-29 | CVE-2024-24988 | Unspecified vulnerability in Mattermost Server Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server. | 6.5 |
| 2024-02-09 | CVE-2024-1402 | Resource Exhaustion vulnerability in Mattermost Server Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrive the aforementioned post. | 4.3 |
| 2024-01-02 | CVE-2023-47858 | Unspecified vulnerability in Mattermost Server Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint. | 4.3 |
| 2023-12-12 | CVE-2023-49809 | Resource Exhaustion vulnerability in Mattermost Server Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. | 6.5 |