cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-46872,https://securityvulnerability.io/vulnerability/CVE-2024-46872,Input Sanitization Flaw in Mattermost Web Application,"A critical input sanitization vulnerability has been discovered in Mattermost, affecting versions 9.10.2 or earlier in the 9.10.x series, 9.11.1 or earlier in the 9.11.x series, and 9.5.9 or earlier in the 9.5.x series. This vulnerability arises from the failure to properly sanitize user inputs on the frontend, enabling malicious actors to exploit it through a one-click client-side path traversal. This flaw has serious implications, as it establishes a potential pathway for Cross-Site Request Forgery (CSRF) attacks in Playbooks. Organizations using these affected versions are strongly advised to implement the recommended security updates to mitigate associated risks.",Mattermost,Mattermost Server,4.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-29T09:15:00.000Z,0
CVE-2024-39772,https://securityvulnerability.io/vulnerability/CVE-2024-39772,Screen Capture Vulnerability in Mattermost Desktop App,"The Mattermost Desktop App versions up to 5.8.0 have a vulnerability that compromises the screen capture functionality. This flaw allows attackers to leverage JavaScript APIs to silently capture high-quality screenshots without the end-user's consent or knowledge. Users of the Mattermost Desktop App should be aware of this risk and take necessary precautions to safeguard their sensitive information.",Mattermost,Mattermost Server,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-16T15:15:00.000Z,0
CVE-2024-45835,https://securityvulnerability.io/vulnerability/CVE-2024-45835,Vulnerability in Electron Configuration of Mattermost Desktop App,"The Mattermost Desktop App versions 5.8.0 and earlier exhibit a security vulnerability linked to insufficient configuration of Electron Fuses. This misconfiguration may allow an attacker to exploit the application to access sensitive data, including Chromium cookies. Additionally, it can facilitate other possible abuses via both remote and local access. Users of the affected version should take immediate action to mitigate risks associated with this vulnerability.",Mattermost,Mattermost Server,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-16T15:15:00.000Z,0
CVE-2024-40884,https://securityvulnerability.io/vulnerability/CVE-2024-40884,Mattermost Permission Enforcement Vulnerability,"Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without ""Add Team Members"" permission to disable the invite URL.",Mattermost,Mattermost Server,2.7,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-22T16:15:00.000Z,0
CVE-2024-42497,https://securityvulnerability.io/vulnerability/CVE-2024-42497,Mattermost Permissions Vulnerability Allows Read-Only Users to Perform Write Operations,"Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.",Mattermost,Mattermost Server,4.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-22T16:15:00.000Z,0
CVE-2024-43780,https://securityvulnerability.io/vulnerability/CVE-2024-43780,Files Can Be Uploaded by Guest Users Despite Permission Restrictions,"Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.",Mattermost,Mattermost Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-22T16:15:00.000Z,0
CVE-2024-41162,https://securityvulnerability.io/vulnerability/CVE-2024-41162,Remote Channel Manipulation Vulnerability in Mattermost by Mattermost Inc.,"A security flaw in Mattermost allows remote users to modify local channels when shared channels are enabled. This vulnerability enables malicious actors to make arbitrary local channels read-only, potentially disrupting user access and communication. Various versions of Mattermost are affected, necessitating users to update their installations to mitigate risks associated with unauthorized channel modifications.",Mattermost,Mattermost Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-01T15:15:00.000Z,0
CVE-2024-39837,https://securityvulnerability.io/vulnerability/CVE-2024-39837,Channel Creation Vulnerability in Mattermost by Mattermost,"Mattermost versions 9.9.x up to and including 9.9.0 and 9.5.x up to and including 9.5.6 exhibit a flaw in the management of channel permissions. This vulnerability allows an unauthorized remote attacker to create arbitrary channels when shared channels are enabled, potentially leading to information disclosure and misuse of the platform. Organizations using these versions are advised to implement immediate corrective actions by updating to the latest secure versions and reviewing their channel sharing settings.",Mattermost,Mattermost Server,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-01T15:15:00.000Z,0
CVE-2024-39839,https://securityvulnerability.io/vulnerability/CVE-2024-39839,"Username Manipulation Vulnerability in Mattermost by Mattermost, Inc.","Certain versions of Mattermost have a vulnerability that allows users to alter their remote username when shared channels are enabled. This breach permits a user to configure their remote username to any arbitrary value, which is subsequently synchronized to the local server unless the user has been previously synced. This could potentially lead to identity misrepresentation and security concerns within collaborative environments.",Mattermost,Mattermost Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-01T15:15:00.000Z,0
CVE-2024-41926,https://securityvulnerability.io/vulnerability/CVE-2024-41926,Sync Message Validation Issue in Mattermost by Mattermost,"Certain versions of Mattermost, specifically those in the 9.9.x range up to 9.9.0 and 9.5.x range up to 9.5.6, suffer from a validation issue regarding sync messages. This flaw permits a malicious remote entity to submit arbitrary RemoteId values, potentially allowing them to incorrectly assert that a user was synced from a different remote source. Such an exploit could compromise user integrity and lead to unauthorized access scenarios.",Mattermost,Mattermost Server,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-08-01T15:15:00.000Z,0
CVE-2024-21848,https://securityvulnerability.io/vulnerability/CVE-2024-21848,Attacker Can Participate in Active Calls Despite Being Removed from Channel,"Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel",Mattermost,Mattermost Server,3.1,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-05T09:15:00.000Z,0
CVE-2024-28949,https://securityvulnerability.io/vulnerability/CVE-2024-28949,Large Number of User Preferences Can Cause Denial of Service,"Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.",Mattermost,Mattermost Server,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-05T09:15:00.000Z,0
CVE-2024-29221,https://securityvulnerability.io/vulnerability/CVE-2024-29221,Insecure Endpoint Allows Team Admins to Invite Users Despite Removal of 'Add Members' Permission,"Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the ""Add Members"" permission was explicitly removed from team admins.",Mattermost,Mattermost Server,3.8,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-05T09:15:00.000Z,0
CVE-2015-9548,https://securityvulnerability.io/vulnerability/CVE-2015-9548,Memory Consumption Vulnerability in Mattermost Server,"A memory consumption vulnerability was identified in Mattermost Server versions earlier than 1.2.0. This flaw can be exploited by attackers through the use of a specially crafted compressed file that, when decompressed, consumes excessive memory, leading to potential denial of service. It is crucial for users to ensure their systems are updated to the latest version to mitigate the risk associated with this vulnerability. For further details, you can visit the security updates page.",Mattermost,Mattermost Server,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-06-19T19:30:35.000Z,0
CVE-2016-11084,https://securityvulnerability.io/vulnerability/CVE-2016-11084,Cross-Site Scripting in Mattermost Server by Mattermost,"An issue in Mattermost Server versions prior to 2.1.0 enables Cross-Site Scripting through Cross-Site Request Forgery (CSRF). This vulnerability can potentially allow an attacker to execute arbitrary scripts in a user's context, compromising the security of the affected user accounts.",Mattermost,Mattermost Server,6.1,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-06-19T19:30:10.000Z,0
CVE-2016-11083,https://securityvulnerability.io/vulnerability/CVE-2016-11083,Cross-Site Scripting Vulnerability in Mattermost Server by Mattermost,"A vulnerability exists in Mattermost Server prior to version 2.2.0 that exposes the application to Cross-Site Scripting (XSS) attacks. This occurs due to misconfigured file handling, allowing malicious scripts to be executed in a user's browser. By exploiting this vulnerability, attackers can gain unauthorized access to user sessions and sensitive data, emphasizing the need for timely updates and security measures.",Mattermost,Mattermost Server,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-06-19T19:29:43.000Z,0
CVE-2016-11082,https://securityvulnerability.io/vulnerability/CVE-2016-11082,Cross-Site Scripting in Mattermost Server Pre-2.2.0,"A vulnerability has been found in Mattermost Server versions prior to 2.2.0 that allows attackers to execute cross-site scripting (XSS) through crafted links. This flaw enables malicious users to potentially manipulate webpage content, leading to unauthorized access or data theft. Users are strongly advised to upgrade to the latest version to mitigate risks associated with this vulnerability.",Mattermost,Mattermost Server,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-06-19T19:29:32.000Z,0
CVE-2016-11081,https://securityvulnerability.io/vulnerability/CVE-2016-11081,Information Disclosure Vulnerability in Mattermost Server,"An information disclosure vulnerability was found in Mattermost Server prior to version 2.2.0, which allows unauthorized access to sensitive data stored in a web browser. This vulnerability can potentially expose users to the risk of their private information being revealed, posing a threat to their data integrity and confidentiality.",Mattermost,Mattermost Server,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-06-19T19:29:13.000Z,0
CVE-2016-11080,https://securityvulnerability.io/vulnerability/CVE-2016-11080,Excessive API Access in Mattermost Server for Team Administrators,"An issue exists in Mattermost Server, where Team Administrators have access to unnecessary APIs that allow them to view sensitive account details. This superfluous access can lead to potential privacy breaches and unauthorized visibility into user information, creating risks for organizations relying on the platform for team collaboration.",Mattermost,Mattermost Server,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-06-19T19:28:59.000Z,0
CVE-2016-11079,https://securityvulnerability.io/vulnerability/CVE-2016-11079,Cross-Site Scripting Vulnerability in Mattermost Server,"A vulnerability has been identified in Mattermost Server prior to version 3.0.0, which allows attackers to exploit cross-site scripting (XSS) through a manipulated redirect URL. This flaw can lead to unauthorized access and manipulation of user data, posing significant security risks. Users of affected versions are advised to apply the latest security updates to mitigate potential attacks.",Mattermost,Mattermost Server,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-06-19T19:28:42.000Z,0
CVE-2016-11078,https://securityvulnerability.io/vulnerability/CVE-2016-11078,Sensitive Information Disclosure in Mattermost Server by Mattermost,"A vulnerability exists in Mattermost Server versions prior to 3.0.0 that may enable unauthorized users to access confidential information, specifically credential fields located in the config.json file. This flaw can be exploited through the System Console UI, presenting a risk of sensitive data exposure which could lead to further compromises. It is crucial for users to upgrade to the latest version to mitigate this security risk and protect their sensitive information.",Mattermost,Mattermost Server,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-06-19T19:28:22.000Z,0
CVE-2016-11077,https://securityvulnerability.io/vulnerability/CVE-2016-11077,LDAP Account Name and Email Modification in Mattermost Server,"Mattermost Server versions prior to 3.0.0 contain a vulnerability that permits a System Administrator to alter the account name and email address of LDAP accounts without proper restrictions. This superfluous API feature can be exploited, potentially leading to unauthorized account manipulation and risks to sensitive user data. It is crucial for administrators to review their configurations and apply updates to safeguard against this issue.",Mattermost,Mattermost Server,2.7,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2020-06-19T19:28:01.000Z,0
CVE-2016-11076,https://securityvulnerability.io/vulnerability/CVE-2016-11076,Cookie Handling Vulnerability in Mattermost Server by Mattermost,"A vulnerability was identified in Mattermost Server versions prior to 3.0.0, which fails to enforce the usage of cookies over SSL. This oversight can expose sensitive information during transmission, making it susceptible to interception by malicious actors. Implementing secure cookie handling practices is essential for maintaining the integrity and confidentiality of user data.",Mattermost,Mattermost Server,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-06-19T19:27:37.000Z,0
CVE-2016-11075,https://securityvulnerability.io/vulnerability/CVE-2016-11075,Sensitive Information Exposure in Mattermost Server by Mattermost,"An issue was discovered in earlier versions of Mattermost Server that can lead to unauthorized access to sensitive data. Attackers may exploit this vulnerability to retrieve team URLs through the API, posing a significant risk to the confidentiality of the affected systems. Proper security measures and upgrades to the latest version are essential to mitigate this risk effectively.",Mattermost,Mattermost Server,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-06-19T19:27:18.000Z,0
CVE-2016-11074,https://securityvulnerability.io/vulnerability/CVE-2016-11074,Password Reset Link Vulnerability in Mattermost Server,"A security issue was discovered in Mattermost Server prior to version 3.0.0, where a password-reset link could be reused. This vulnerability poses a risk of unauthorized account access, potentially allowing attackers to exploit the weakened security of user accounts by generating multiple resets.",Mattermost,Mattermost Server,9.8,CRITICAL,0.0030900000128895044,false,,false,false,false,,,false,false,,2020-06-19T19:26:52.000Z,0