|
252611
|
8.8 |
HIGH
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-18886
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252612
|
9.8 |
CRITICAL
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
|
CWE-269
Improper Privilege Management
|
CVE-2017-18885
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252613
|
8.1 |
HIGH
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
|
CWE-269
Improper Privilege Management
|
CVE-2017-18884
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252614
|
9.1 |
CRITICAL
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
|
CWE-331
Insufficient Entropy
|
CVE-2017-18883
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252615
|
6.1 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18882
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252616
|
6.1 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18881
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252617
|
6.1 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18880
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252618
|
6.1 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18879
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252619
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-18878
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252620
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
|
CWE-22
Path Traversal
|
CVE-2017-18874
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
