| ID | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 250031 | 5.3 | MEDIUM | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. | CWE-287 Improper Authentication | CVE-2017-18919 | 2024-11-21 12:21 | 2020-06-20 |
| 250032 | 4.9 | MEDIUM | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. | CWE-295 Improper Certificate Validation | CVE-2017-18918 | 2024-11-21 12:21 | 2020-06-20 |
| 250033 | 7.5 | HIGH | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. | CWE-916 Use of Password Hash With Insufficient Computational Effort | CVE-2017-18917 | 2024-11-21 12:21 | 2020-06-20 |
| 250034 | 5.3 | MEDIUM | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-18916 | 2024-11-21 12:21 | 2020-06-20 |
| 250035 | 9.8 | CRITICAL | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. | CWE-276 Incorrect Default Permissions | CVE-2017-18915 | 2024-11-21 12:21 | 2020-06-20 |
| 250036 | 5.3 | MEDIUM | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2017-18914 | 2024-11-21 12:21 | 2020-06-20 |
| 250037 | 6.1 | MEDIUM | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. | CWE-79 Cross-site Scripting | CVE-2017-18913 | 2024-11-21 12:21 | 2020-06-20 |
| 250038 | 9.8 | CRITICAL | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address. | CWE-287 Improper Authentication | CVE-2017-18908 | 2024-11-21 12:21 | 2020-06-20 |
| 250039 | 6.1 | MEDIUM | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header. | CWE-79 Cross-site Scripting | CVE-2017-18907 | 2024-11-21 12:21 | 2020-06-20 |
| 250040 | 8.1 | HIGH | Network | mattermost | mattermost_server | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account. | CWE-287 Improper Authentication | CVE-2017-18906 | 2024-11-21 12:21 | 2020-06-20 |