Vulnerabilities > Mattermost > Mattermost Server > 9.3.2

DATE CVE VULNERABILITY TITLE RISK
2024-04-05 CVE-2024-28949 Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.
network
low complexity
mattermost CWE-770
6.5
6.5
2024-04-05 CVE-2024-29221 Unspecified vulnerability in Mattermost Server
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins.
network
low complexity
mattermost
3.8
3.8
2024-04-05 CVE-2024-2447 Origin Validation Error vulnerability in Mattermost Server
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.
network
low complexity
mattermost CWE-346
6.5
6.5