Search Results | AttackerKB

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2016-11068

Disclosure Date: June 19, 2020 (last updated February 21, 2025)

An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2016-11075

Disclosure Date: June 19, 2020 (last updated February 21, 2025)

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2016-11062

Disclosure Date: June 19, 2020 (last updated February 21, 2025)

An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2017-18914

Disclosure Date: June 19, 2020 (last updated February 21, 2025)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2017-18905

Disclosure Date: June 19, 2020 (last updated February 21, 2025)

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.

Attack Vector: Network Privileges: None User Interaction: None