Mattermost Server 4.2.0 Release Candidate 3

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mattermost:mattermost_server:4.2.0:rc3:*:*:*:*:*:*

part: a version: 4.2.0 update: rc3

VendorMattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc)
ProductMattermost Server (657bc445-594e-5ca1-a676-4f18538f1c02)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/mattermost/mattermost-server purl2cpe 2026-06-01 10:18:19.892189

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-18899 vulnerable 2026-06-03 14:36:58.387204 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.
Published: 2020-06-19T18:42:06.000Z
Updated: 2024-08-05T21:37:44.359Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18898 vulnerable 2026-06-03 14:36:58.386850 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.
Published: 2020-06-19T18:43:19.000Z
Updated: 2024-08-05T21:37:44.351Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18897 vulnerable 2026-06-03 14:36:58.386483 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.
Published: 2020-06-19T18:10:53.000Z
Updated: 2024-08-05T21:37:44.398Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18896 vulnerable 2026-06-03 14:36:58.386134 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.
Published: 2020-06-19T18:10:54.000Z
Updated: 2024-08-05T21:37:44.368Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18895 vulnerable 2026-06-03 14:36:58.385781 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.
Published: 2020-06-19T18:43:14.000Z
Updated: 2024-08-05T21:37:44.297Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18894 vulnerable 2026-06-03 14:36:58.385426 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.
Published: 2020-06-19T18:10:56.000Z
Updated: 2024-08-05T21:37:44.290Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18893 vulnerable 2026-06-03 14:36:58.385046 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
Published: 2020-06-19T18:10:57.000Z
Updated: 2024-08-05T21:37:44.301Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18892 vulnerable 2026-06-03 14:36:58.384648 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.
Published: 2020-06-19T18:08:51.000Z
Updated: 2024-08-05T21:37:44.449Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-18891 vulnerable 2026-06-03 14:36:58.383659 Details available
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.
Published: 2020-06-19T18:08:50.000Z
Updated: 2024-08-05T21:37:44.282Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.