Vulnerabilities > Mattermost

DATE CVE VULNERABILITY TITLE RISK
2023-10-17 CVE-2023-5522 Unspecified vulnerability in Mattermost
Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. 
network
low complexity
mattermost
4.3
2023-10-09 CVE-2023-5330 Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server
Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.
network
low complexity
mattermost CWE-770
7.5
2023-10-09 CVE-2023-5331 Missing Authorization vulnerability in Mattermost Server
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
network
low complexity
mattermost CWE-862
5.3
2023-10-09 CVE-2023-5333 Unspecified vulnerability in Mattermost Server
Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
network
low complexity
mattermost
6.5
2023-10-02 CVE-2023-5160 Unspecified vulnerability in Mattermost
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
network
low complexity
mattermost
4.3
2023-09-29 CVE-2023-5159 Incorrect Authorization vulnerability in Mattermost
Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
network
low complexity
mattermost CWE-863
2.7
2023-09-29 CVE-2023-5193 Incorrect Authorization vulnerability in Mattermost
Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.
network
low complexity
mattermost CWE-863
2.7
2023-09-29 CVE-2023-5194 Incorrect Authorization vulnerability in Mattermost
Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager
network
low complexity
mattermost CWE-863
4.3
2023-09-29 CVE-2023-5195 Incorrect Authorization vulnerability in Mattermost
Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
network
low complexity
mattermost CWE-863
5.4
2023-09-29 CVE-2023-5196 Resource Exhaustion vulnerability in Mattermost
Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.
network
low complexity
mattermost CWE-400
6.5