Vulnerabilities > Mattermost > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2020-06-19 | CVE-2017-18900 | Injection vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | mattermost CWE-74 | critical 9.8 (network, low complexity) |
| 2020-06-19 | CVE-2017-18888 | SQL Injection vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | mattermost CWE-89 | critical 9.8 (network, low complexity) |
| 2020-06-19 | CVE-2017-18885 | Improper Privilege Management vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | mattermost CWE-269 | critical 9.8 (network, low complexity) |
| 2020-06-19 | CVE-2017-18883 | Insufficient Entropy vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. | mattermost CWE-331 | critical 9.1 (network, low complexity) |
| 2020-06-19 | CVE-2018-21251 | Missing Authorization vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 5.2 and 5.1.1. | mattermost CWE-862 | critical 9.8 (network, low complexity) |
| 2020-06-19 | CVE-2019-20856 | Uncontrolled Search Path Element vulnerability in Mattermost Desktop 3.4.0/4.0.0/4.2.2 | An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. | mattermost CWE-427 | critical 9.8 (network, low complexity) |
| 2020-06-19 | CVE-2019-20853 | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Packages | An issue was discovered in Mattermost Packages before 5.16.3. | mattermost CWE-668 | critical 9.8 (network, low complexity) |
| 2020-06-19 | CVE-2019-20851 | Path Traversal vulnerability in Mattermost | An issue was discovered in Mattermost Mobile Apps before 1.26.0. | mattermost CWE-22 | critical 9.1 (network, low complexity) |