18 Total Results
Displaying 11-18 of 18
Attacker Value
Unknown

CVE-2017-18885

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
Attacker Value
Unknown

CVE-2017-18883

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
Attacker Value
Unknown

CVE-2017-18878

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
Attacker Value
Unknown

CVE-2017-18874

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
Attacker Value
Unknown

CVE-2017-18873

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
Attacker Value
Unknown

CVE-2017-18875

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.
Attacker Value
Unknown

CVE-2017-18876

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
Attacker Value
Unknown

CVE-2017-18877

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.