Mattermost vulnerabilities, medium severity

Each entry lists: publication date, CVE identifier, title; a one-line summary; then attack vector and complexity, the affected product, the assigned CWE (where one was given), and the risk score.

2023-07-17  CVE-2023-3577  Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server
  Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.
  Vector: network, low complexity | Product: mattermost | CWE-918 | Risk: 4.3

2023-07-17  CVE-2023-3582  Incorrect Authorization vulnerability in Mattermost Server
  Mattermost fails to verify channel membership when linking a board to a channel, allowing a low-privileged authenticated user to link a Board to a private channel they do not have access to.
  Vector: network, low complexity | Product: mattermost | CWE-863 | Risk: 4.3

2023-07-17  CVE-2023-3585  Resource Exhaustion vulnerability in Mattermost Server
  Mattermost Boards fails to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted Boards link.
  Vector: network, low complexity | Product: mattermost | CWE-400 | Risk: 4.3

2023-07-17  CVE-2023-3586  Incorrect Authorization vulnerability in Mattermost Server
  Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, so previously shared public Boards remain accessible.
  Vector: network, low complexity | Product: mattermost | CWE-863 | Risk: 5.4

2023-07-17  CVE-2023-3593  Unspecified vulnerability in Mattermost Server
  Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.
  Vector: network, low complexity | Product: mattermost | CWE: none assigned | Risk: 6.5

2023-06-16  CVE-2023-2785  Resource Exhaustion vulnerability in Mattermost
  Mattermost fails to properly truncate the PostgreSQL error log message of a search query failure, allowing an attacker to cause the creation of large log files, which can result in denial of service.
  Vector: network, low complexity | Product: mattermost | CWE-400 | Risk: 4.3

2023-06-16  CVE-2023-2792  Unspecified vulnerability in Mattermost
  Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents via a specially crafted /groupmsg command.
  Vector: network, low complexity | Product: mattermost | CWE: none assigned | Risk: 6.5

2023-06-16  CVE-2023-2793  Resource Exhaustion vulnerability in Mattermost
  Mattermost fails to validate links to external websites when constructing a preview for a linked website, allowing an attacker to cause a denial of service by linking to a specially crafted webpage in a message.
  Vector: network, low complexity | Product: mattermost | CWE-400 | Risk: 6.5

2023-06-16  CVE-2023-2797  Injection vulnerability in Mattermost
  Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink in a channel.
  Vector: network, low complexity | Product: mattermost | CWE-74 | Risk: 6.5

2023-06-16  CVE-2023-2831  Resource Exhaustion vulnerability in Mattermost
  Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a denial of service by sending a message containing a large number of escaped characters.
  Vector: network, low complexity | Product: mattermost | CWE-400 | Risk: 6.5

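The CVE-2023-2831 entry above says only that unescaping was not memory-efficient when a message carries many escaped characters. The Go program below is an added example of what that pattern looks like and how it is fixed; the naive function is a generic illustration of a memory-inefficient unescape and is not the code that was fixed in Mattermost, and the single-pass version is not Mattermost's implementation either. The CommonMark rule it applies (a backslash escapes any ASCII punctuation character, and is literal before anything else) is standard; the `maxMessageBytes` cap and all function names are assumptions, and the hostile input in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"runtime"
	"strings"
)

// CommonMark: a backslash before any ASCII punctuation character is an escape;
// a backslash before anything else is kept literally.
const markdownEscapable = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"

// maxMessageBytes is an assumed defence-in-depth cap on message size for this
// example; it is not a Mattermost setting.
const maxMessageBytes = 16384

// unescapeNaive strips escapes by rebuilding the string at every escape. Each
// hit copies the whole remainder, so n escapes cost O(n^2) bytes of allocation
// and copying. Generic illustration of the inefficient pattern, not Mattermost code.
func unescapeNaive(s string) string {
	for i := 0; i < len(s)-1; i++ {
		if s[i] == '\\' && strings.IndexByte(markdownEscapable, s[i+1]) >= 0 {
			s = s[:i] + s[i+1:] // allocates and copies the entire string again
		}
	}
	return s
}

// unescapeSinglePass produces the same result in one walk over the input with a
// single output buffer, so memory stays O(len(s)) whatever the escape count.
func unescapeSinglePass(s string) string {
	var b strings.Builder
	b.Grow(len(s))
	for i := 0; i < len(s); i++ {
		if s[i] == '\\' && i+1 < len(s) && strings.IndexByte(markdownEscapable, s[i+1]) >= 0 {
			i++ // drop the backslash; the escaped character is written literally
		}
		b.WriteByte(s[i])
	}
	return b.String()
}

// renderMessage applies the size cap before any parsing, so a message that is
// pathological for the parser is refused instead of processed.
func renderMessage(msg string) (string, error) {
	if len(msg) > maxMessageBytes {
		return "", errors.New("message exceeds maximum length")
	}
	return unescapeSinglePass(msg), nil
}

// allocBytes measures heap bytes allocated while f runs. TotalAlloc is a
// cumulative counter, so garbage collection during f does not hide the cost.
func allocBytes(f func()) uint64 {
	var before, after runtime.MemStats
	runtime.ReadMemStats(&before)
	f()
	runtime.ReadMemStats(&after)
	return after.TotalAlloc - before.TotalAlloc
}

func main() {
	// Constructed attacker-style input: 20000 escaped asterisks, 40000 bytes.
	hostile := strings.Repeat(`\*`, 20000)

	naive := allocBytes(func() { unescapeNaive(hostile) })
	single := allocBytes(func() { unescapeSinglePass(hostile) })
	fmt.Printf("input %d bytes: naive allocated %d bytes, single-pass allocated %d bytes\n",
		len(hostile), naive, single)

	if _, err := renderMessage(hostile); err != nil {
		fmt.Println("renderMessage:", err)
	}
}
```

The allocation counter makes the asymmetry visible: the naive version's cost grows with the square of the number of escapes, the single-pass version's with the length of the message. The size cap is the second line of defence; it bounds the work any single message can cause even in a parser path that has not yet been reviewed.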