Vulnerabilities > Mattermost > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-01 CVE-2024-39777 Unspecified vulnerability in Mattermost
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local channel will then become shared without the consent of the local admin.
network
low complexity
mattermost
critical
9.6
2023-12-06 CVE-2023-6458 Injection vulnerability in Mattermost Server
Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal.
network
low complexity
mattermost CWE-74
critical
9.8
2023-04-20 CVE-2023-2193 Missing Authorization vulnerability in Mattermost
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
network
low complexity
mattermost CWE-862
critical
9.1
2020-06-19 CVE-2017-18920 Unspecified vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.6.2.
network
low complexity
mattermost
critical
9.8
2020-06-19 CVE-2017-18915 Incorrect Default Permissions vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-276
critical
9.8
2020-06-19 CVE-2017-18908 Improper Authentication vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.
network
low complexity
mattermost CWE-287
critical
9.8
2020-06-19 CVE-2016-11074 Improper Authentication vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.0.0.
network
low complexity
mattermost CWE-287
critical
9.8
2020-06-19 CVE-2016-11064 Code Injection vulnerability in Mattermost Desktop
An issue was discovered in Mattermost Desktop App before 3.4.0.
network
low complexity
mattermost CWE-94
critical
9.8
2020-06-19 CVE-2017-18912 Path Traversal vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-22
critical
9.8
2020-06-19 CVE-2017-18911 Improper Certificate Validation vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-295
critical
9.1