Package impact

golang Go / github.com/mattermost/mattermost-server

CVE Severity CVSS Risk Published Description Impact
CVE-2017-18891 unknown 4y ago Mattermost Server does not safeguard against phishing via error page links in github.com/mattermost/mattermost-server golang
CVE-2017-18892 unknown 4y ago Mattermost Server does not neutralize HTML content in an Email template field in github.com/mattermost/mattermost-server golang
CVE-2017-18898 unknown 4y ago Mattermost Server is vulnerable to DoS through maliciously crafted posts in github.com/mattermost/mattermost-server golang
CVE-2017-18897 unknown 4y ago Mattermost Server mishandles redirect denial action in github.com/mattermost/mattermost-server golang
CVE-2017-18896 unknown 4y ago Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint in github.com/mattermost/mattermost-server golang
CVE-2017-18895 unknown 4y ago Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server golang
CVE-2017-18893 unknown 4y ago Mattermost Server is vulnerable to XSS through display name field in github.com/mattermost/mattermost-server golang
CVE-2017-18884 unknown 4y ago Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server golang
CVE-2017-18889 unknown 4y ago Mattermost Server is vulnerable to webhook and slash command manipulation in github.com/mattermost/mattermost-server golang
CVE-2017-18886 unknown 4y ago Mattermost Server does not properly restrict use of slash commands in github.com/mattermost/mattermost-server golang
CVE-2017-18885 unknown 4y ago Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server golang
CVE-2017-18876 unknown 4y ago Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server golang
CVE-2017-18875 unknown 4y ago Mattermost Server does not prevent System Admin from arbitrary file creation in github.com/mattermost/mattermost-server golang
CVE-2017-18887 unknown 4y ago Mattermost Server exposes team creator's e-mail address to other members in github.com/mattermost/mattermost-server golang
CVE-2017-18873 unknown 4y ago Mattermost Server is vulnerable to channel invisibility DoS via misformatted post in github.com/mattermost/mattermost-server golang
CVE-2017-18883 unknown 4y ago Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider in github.com/mattermost/mattermost-server golang
CVE-2017-18879 unknown 4y ago Mattermost Server is vulnerable to XSS through author_link field in Slack attachments in github.com/mattermost/mattermost-server golang
CVE-2017-18878 unknown 4y ago Mattermost Server allows users with a session ID to revoke another users' session in github.com/mattermost/mattermost-server golang
CVE-2017-18877 unknown 4y ago Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page in github.com/mattermost/mattermost-server golang
CVE-2016-11084 unknown 4y ago Mattermost Server allows XSS via CSRF in github.com/mattermost/mattermost-server golang
CVE-2016-11082 unknown 4y ago Mattermost Server is vulnerable to XSS through crafted links in github.com/mattermost/mattermost-server golang
CVE-2016-11083 unknown 4y ago Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution in github.com/mattermost/mattermost-server golang
CVE-2016-11081 unknown 4y ago Mattermost Server exposes information stored by a web browser in github.com/mattermost/mattermost-server golang
CVE-2016-11080 unknown 4y ago Mattermost Server exposes account details to any Team Administrator in github.com/mattermost/mattermost-server golang
CVE-2016-11077 unknown 4y ago Mattermost Server allows System Admin to modify LDAP account names and email addresses in github.com/mattermost/mattermost-server golang
CVE-2016-11079 unknown 4y ago Mattermost Server allows XSS via redirect URL in github.com/mattermost/mattermost-server golang
CVE-2017-18874 unknown 4y ago Mattermost Server is vulnerable to Directory Traversal by System Admins in github.com/mattermost/mattermost-server golang
CVE-2017-18872 unknown 4y ago Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization in github.com/mattermost/mattermost-server golang
CVE-2017-18871 unknown 4y ago Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server golang
CVE-2016-11068 unknown 4y ago Mattermost Server is vulnerable to Code Injection through its LDAP fields in github.com/mattermost/mattermost-server golang
CVE-2016-11069 unknown 4y ago Mattermost Server does not enforce rate limits on password change attempts in github.com/mattermost/mattermost-server golang
CVE-2016-11070 unknown 4y ago Mattermost Server is vulnerable to XSS through customizable theme color-code values in github.com/mattermost/mattermost-server golang
CVE-2016-11073 unknown 4y ago Mattermost Server is vulnerable to XSS via a Legal or Support setting in github.com/mattermost/mattermost-server golang
CVE-2016-11072 unknown 4y ago Mattermost Server's Session ID and Session Token are potentially compromised in github.com/mattermost/mattermost-server golang
CVE-2016-11071 unknown 4y ago Mattermost Server is vulnerable to XSS through lack of link relationship attributes `noreferrer` and `noopener` in github.com/mattermost/mattermost-server golang
CVE-2016-11066 unknown 4y ago Mattermost Server: initial_load API exposes unnecessary information in github.com/mattermost/mattermost-server golang
CVE-2016-11067 unknown 4y ago Mattermost Server is vulnerable to Uncontrolled Resource Consumption in github.com/mattermost/mattermost-server golang
CVE-2016-11078 unknown 4y ago Mattermost Server exposes sensitive information via its System Console UI in github.com/mattermost/mattermost-server golang
CVE-2016-11076 unknown 4y ago Mattermost Server does not check if cookies are used over SSL in github.com/mattermost/mattermost-server golang
CVE-2016-11075 unknown 4y ago Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server golang
CVE-2016-11074 unknown 4y ago Mattermost Server: Insufficient Password-Reset Link Invalidation in github.com/mattermost/mattermost-server golang
CVE-2016-11063 unknown 4y ago Mattermost Server vulnerable to Cross-site Scripting through file preview feature in github.com/mattermost/mattermost-server golang
CVE-2022-1384 unknown 4y ago Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server golang
CVE-2022-1385 unknown 4y ago Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server golang
CVE-2022-1337 unknown 4y ago Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server golang
CVE-2022-1332 unknown 4y ago Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server golang