Vulnerabilities > Mattermost
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-5875 | Unspecified vulnerability in Mattermost Desktop Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server | 5.3 |
| 2023-11-02 | CVE-2023-5876 | Unspecified vulnerability in Mattermost Desktop Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. | 5.3 |
| 2023-11-02 | CVE-2023-5920 | Unspecified vulnerability in Mattermost Desktop Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | 3.3 |
| 2023-10-17 | CVE-2023-5339 | Information Exposure Through Log Files vulnerability in Mattermost Desktop Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. | 5.5 |
| 2023-10-17 | CVE-2023-5522 | Unspecified vulnerability in Mattermost Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. | 4.3 |
| 2023-10-09 | CVE-2023-5330 | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable. | 7.5 |
| 2023-10-09 | CVE-2023-5331 | Missing Authorization vulnerability in Mattermost Server Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | 5.3 |
| 2023-10-09 | CVE-2023-5333 | Unspecified vulnerability in Mattermost Server Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. | 6.5 |
| 2023-10-02 | CVE-2023-5160 | Unspecified vulnerability in Mattermost Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled | 4.3 |
| 2023-09-29 | CVE-2023-5159 | Incorrect Authorization vulnerability in Mattermost Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | 2.7 |