Vulnerabilities > Mattermost

DATE CVE VULNERABILITY TITLE RISK
2020-06-19 CVE-2017-18892 Improper Encoding or Escaping of Output vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.
network
low complexity
mattermost CWE-116
6.1
2020-06-19 CVE-2017-18891 Open Redirect vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.
network
low complexity
mattermost CWE-601
6.1
2020-06-19 CVE-2017-18890 Improper Input Validation vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.
network
low complexity
mattermost CWE-20
4.3
2020-06-19 CVE-2017-18889 Improper Input Validation vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.
network
low complexity
mattermost CWE-20
4.3
2020-06-19 CVE-2017-18888 SQL Injection vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.
network
low complexity
mattermost CWE-89
critical
9.8
2020-06-19 CVE-2017-18887 Information Exposure vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.
network
low complexity
mattermost CWE-200
5.3
2020-06-19 CVE-2017-18886 Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.
network
low complexity
mattermost CWE-732
8.8
2020-06-19 CVE-2017-18885 Improper Privilege Management vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.
network
low complexity
mattermost CWE-269
critical
9.8
2020-06-19 CVE-2017-18884 Improper Privilege Management vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.
network
low complexity
mattermost CWE-269
8.1
2020-06-19 CVE-2017-18883 Insufficient Entropy vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider.
network
low complexity
mattermost CWE-331
critical
9.1