Vulnerabilities > Mattermost > Mattermost Server > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-6458 | Injection vulnerability in Mattermost Server Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. | 9.8 |
| 2020-06-19 | CVE-2016-11074 | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 9.8 |
| 2020-06-19 | CVE-2017-18908 | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 9.8 |
| 2020-06-19 | CVE-2017-18915 | Incorrect Default Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 9.8 |
| 2020-06-19 | CVE-2017-18920 | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.2. | 9.8 |
| 2020-06-19 | CVE-2017-18883 | Insufficient Entropy vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. | 9.1 |
| 2020-06-19 | CVE-2017-18885 | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 9.8 |
| 2020-06-19 | CVE-2017-18888 | SQL Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 9.8 |
| 2020-06-19 | CVE-2017-18900 | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 9.8 |
| 2020-06-19 | CVE-2017-18911 | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 9.1 |