Vulnerabilities > Mattermost

DATE CVE VULNERABILITY TITLE RISK
2023-11-06 CVE-2023-5969 Resource Exhaustion vulnerability in Mattermost
Mattermost fails to properly sanitize requests to /api/v4/redirect_location, allowing an attacker who sends a specially crafted request to that endpoint to fill up memory because large items are cached.
network
low complexity
mattermost CWE-400
5.3
2023-11-02 CVE-2023-5875 Unspecified vulnerability in Mattermost Desktop
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones, allowing media exploitation from a malicious Mattermost server.
network
low complexity
mattermost
5.3
2023-11-02 CVE-2023-5876 Unspecified vulnerability in Mattermost Desktop
Mattermost fails to properly validate a RegExp built from the server URL path, allowing an attacker in control of an enrolled server to mount a denial of service.
network
high complexity
mattermost
5.3
2023-11-02 CVE-2023-5920 Unspecified vulnerability in Mattermost Desktop
Mattermost Desktop for macOS fails to utilize the secure keyboard input functionality provided by macOS, allowing other processes to read the keyboard input.
local
low complexity
mattermost
3.3
2023-10-17 CVE-2023-5339 Information Exposure Through Log Files vulnerability in Mattermost Desktop
Mattermost Desktop fails to set an appropriate log level during the initial run after a fresh installation, resulting in all keystrokes, including password entry, being logged.
local
low complexity
mattermost CWE-532
5.5
2023-10-17 CVE-2023-5522 Unspecified vulnerability in Mattermost
Mattermost Mobile fails to limit the maximum number of Markdown elements in a post, allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when they view that channel.
network
low complexity
mattermost
4.3
2023-10-09 CVE-2023-5330 Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server
Mattermost fails to enforce a limit on the size of a cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph, filling the cache and making the server unavailable.
network
low complexity
mattermost CWE-770
7.5
2023-10-09 CVE-2023-5331 Missing Authorization vulnerability in Mattermost Server
Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.
network
low complexity
mattermost CWE-862
5.3
2023-10-09 CVE-2023-5333 Unspecified vulnerability in Mattermost Server
Mattermost fails to deduplicate input IDs, allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.
network
low complexity
mattermost
6.5
2023-10-02 CVE-2023-5160 Unspecified vulnerability in Mattermost
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled.
network
low complexity
mattermost
4.3