Vulnerabilities > Mattermost > Mattermost Server > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-17 | CVE-2023-3587 | Missing Authorization vulnerability in Mattermost Server. Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. | 2.7 |
2023-07-17 | CVE-2023-3584 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme. | 3.1 |
2023-02-27 | CVE-2023-27266 | Information Exposure vulnerability in Mattermost Server. Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | 2.7 |
2023-02-27 | CVE-2023-27265 | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server. Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. | 2.7 |
2020-06-19 | CVE-2016-11077 | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server. An issue was discovered in Mattermost Server before 3.0.0. | 2.7 |
2020-06-19 | CVE-2018-21249 | Unspecified vulnerability in Mattermost Server. An issue was discovered in Mattermost Server before 5.3.0. | 3.7 |
2020-06-19 | CVE-2018-21260 | Information Exposure vulnerability in Mattermost Server. An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. | 2.7 |