Vulnerabilities > Mattermost > Mattermost Server > 9.0.6

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2024-02-29 | CVE-2024-23493 | Missing Authorization vulnerability in Mattermost Server | Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. | network, low complexity, mattermost, CWE-862 | 6.5 |
| 2024-02-29 | CVE-2024-24988 | Unspecified vulnerability in Mattermost Server | Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server. | network, low complexity, mattermost | 6.5 |
| 2024-02-09 | CVE-2024-1402 | Resource Exhaustion vulnerability in Mattermost Server | Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrieve the aforementioned post. | network, low complexity, mattermost, CWE-400 | 4.3 |
| 2023-12-12 | CVE-2023-49809 | Resource Exhaustion vulnerability in Mattermost Server | Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. | network, low complexity, mattermost, CWE-400 | 6.5 |