CVE-2019-20888

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.

Source: CVE-2019-20888

CVE-2019-20881

An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.

Source: CVE-2019-20881

CVE-2019-20882

An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.

Source: CVE-2019-20882

CVE-2019-20885

An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.

Source: CVE-2019-20885

CVE-2019-20875

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.

Source: CVE-2019-20875

CVE-2019-20880

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.

Source: CVE-2019-20880

CVE-2019-20876

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.

Source: CVE-2019-20876

CVE-2019-20883

An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.

Source: CVE-2019-20883

CVE-2018-21265

An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).

Source: CVE-2018-21265

CVE-2019-20887

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.

Source: CVE-2019-20887