Vulnerabilities > Mattermost > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-47145 Unspecified vulnerability in Mattermost Server
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.
network
low complexity
mattermost
4.3
2024-09-16 CVE-2024-39772 Unspecified vulnerability in Mattermost Desktop
Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs.
network
low complexity
mattermost
5.3
2024-09-16 CVE-2024-45835 Unspecified vulnerability in Mattermost Desktop
Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.
network
low complexity
mattermost
6.5
2024-09-16 CVE-2024-45833 Unspecified vulnerability in Mattermost Mobile 1.26.0/1.29.0/1.30.0
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character..
network
low complexity
mattermost
6.5
2024-08-22 CVE-2024-42497 Unspecified vulnerability in Mattermost Server
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.
network
low complexity
mattermost
4.9
2024-08-22 CVE-2024-43780 Unspecified vulnerability in Mattermost Server
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.
network
low complexity
mattermost
4.3
2024-08-22 CVE-2024-39810 Unspecified vulnerability in Mattermost
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash.
network
low complexity
mattermost
4.9
2024-08-22 CVE-2024-39836 Unspecified vulnerability in Mattermost
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.
network
low complexity
mattermost
6.5
2024-08-22 CVE-2024-42411 Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older.
network
low complexity
mattermost CWE-754
5.3
2024-08-22 CVE-2024-43813 Unspecified vulnerability in Mattermost
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.
network
low complexity
mattermost
4.3