Vulnerabilities > Mattermost

DATE CVE VULNERABILITY TITLE RISK
2020-06-19 CVE-2017-18918 Improper Certificate Validation vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5.
network
low complexity
mattermost CWE-295
4.9
2020-06-19 CVE-2017-18917 Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-916
7.5
2020-06-19 CVE-2017-18916 Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-732
5.3
2020-06-19 CVE-2017-18915 Incorrect Default Permissions vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-276
critical
9.8
2020-06-19 CVE-2017-18914 Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-754
5.3
2020-06-19 CVE-2017-18913 Cross-site Scripting vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-79
6.1
2020-06-19 CVE-2017-18908 Improper Authentication vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.
network
low complexity
mattermost CWE-287
critical
9.8
2020-06-19 CVE-2017-18907 Cross-site Scripting vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.
network
low complexity
mattermost CWE-79
6.1
2020-06-19 CVE-2017-18906 Improper Authentication vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used.
network
low complexity
mattermost CWE-287
8.1
2020-06-19 CVE-2017-18905 Insufficient Session Expiration vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
network
low complexity
mattermost CWE-613
5.3