Vulnerabilities > Mattermost

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-48369 Resource Exhaustion vulnerability in Mattermost
Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.
network
low complexity
mattermost CWE-400
5.3
2023-11-27 CVE-2023-6202 Unspecified vulnerability in Mattermost
Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g.
network
low complexity
mattermost
4.3
2023-11-27 CVE-2023-47865 Unspecified vulnerability in Mattermost
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post.
network
low complexity
mattermost
4.3
2023-11-06 CVE-2023-5967 Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost
Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin
network
low complexity
mattermost CWE-754
4.3
2023-11-06 CVE-2023-5968 Improper Encoding or Escaping of Output vulnerability in Mattermost
Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 
network
low complexity
mattermost CWE-116
4.9
2023-11-06 CVE-2023-5969 Resource Exhaustion vulnerability in Mattermost
Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.
network
low complexity
mattermost CWE-400
5.3
2023-11-02 CVE-2023-5875 Unspecified vulnerability in Mattermost Desktop
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server
network
low complexity
mattermost
5.3
2023-11-02 CVE-2023-5876 Unspecified vulnerability in Mattermost Desktop
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.
network
high complexity
mattermost
5.3
2023-11-02 CVE-2023-5920 Unspecified vulnerability in Mattermost Desktop
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.
local
low complexity
mattermost
3.3
2023-10-17 CVE-2023-5339 Information Exposure Through Log Files vulnerability in Mattermost Desktop
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. 
local
low complexity
mattermost CWE-532
5.5