Vulnerabilities > Mattermost
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-17 | CVE-2023-3590 | Incorrect Authorization vulnerability in Mattermost Server 7.10.0/7.10.1/7.10.2 Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. | 7.5 |
| 2023-07-17 | CVE-2023-3591 | Improper Authentication vulnerability in Mattermost Server Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. | 8.2 |
| 2023-07-17 | CVE-2023-3593 | Unspecified vulnerability in Mattermost Server Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. | 6.5 |
| 2023-07-17 | CVE-2023-3613 | Incorrect Authorization vulnerability in Mattermost Server Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. | 3.5 |
| 2023-07-17 | CVE-2023-3614 | Resource Exhaustion vulnerability in Mattermost Server Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file. | 3.3 |
| 2023-07-17 | CVE-2023-3615 | Improper Certificate Validation vulnerability in Mattermost Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. | 8.1 |
| 2023-06-16 | CVE-2023-2785 | Resource Exhaustion vulnerability in Mattermost Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service | 4.3 |
| 2023-06-16 | CVE-2023-2792 | Unspecified vulnerability in Mattermost Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command. | 6.5 |
| 2023-06-16 | CVE-2023-2793 | Resource Exhaustion vulnerability in Mattermost Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message. | 6.5 |
| 2023-06-16 | CVE-2023-2797 | Injection vulnerability in Mattermost Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel. | 6.5 |