Mattermost Server 4.3.0 Release Candidate 1
Approved changes feed: RSS · Atom
cpe:2.3:a:mattermost:mattermost_server:4.3.0:rc1:*:*:*:*:*:*
part: a version: 4.3.0 update: rc1
| Vendor | Mattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc) |
|---|---|
| Product | Mattermost Server (657bc445-594e-5ca1-a676-4f18538f1c02) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/mattermost/mattermost-server |
purl2cpe | 2026-06-01 10:18:19.892202 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-18890 |
vulnerable | 2026-06-03 14:36:58.372925 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
Published: 2020-06-19T18:08:53.000Z
Updated: 2024-08-05T21:37:44.382Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18889 |
vulnerable | 2026-06-03 14:36:58.372573 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.
Published: 2020-06-19T18:08:54.000Z
Updated: 2024-08-05T21:37:44.306Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18888 |
vulnerable | 2026-06-03 14:36:58.372216 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.
Published: 2020-06-19T18:10:58.000Z
Updated: 2024-08-05T21:37:44.299Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18887 |
vulnerable | 2026-06-03 14:36:58.371845 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.
Published: 2020-06-19T18:10:59.000Z
Updated: 2024-08-05T21:37:44.311Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18886 |
vulnerable | 2026-06-03 14:36:58.371483 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.
Published: 2020-06-19T18:43:16.000Z
Updated: 2024-08-05T21:37:44.295Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18885 |
vulnerable | 2026-06-03 14:36:58.371125 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.
Published: 2020-06-19T18:10:29.000Z
Updated: 2024-08-05T21:37:44.292Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18884 |
vulnerable | 2026-06-03 14:36:58.370766 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.
Published: 2020-06-19T18:08:48.000Z
Updated: 2024-08-05T21:37:44.307Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18883 |
vulnerable | 2026-06-03 14:36:58.370384 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
Published: 2020-06-19T18:08:47.000Z
Updated: 2024-08-05T21:37:44.337Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18882 |
vulnerable | 2026-06-03 14:36:58.369942 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.
Published: 2020-06-19T18:08:46.000Z
Updated: 2024-08-05T21:37:44.343Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18881 |
vulnerable | 2026-06-03 14:36:58.369580 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.
Published: 2020-06-19T18:08:44.000Z
Updated: 2024-08-05T21:37:44.347Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18880 |
vulnerable | 2026-06-03 14:36:58.369228 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.
Published: 2020-06-19T18:42:54.000Z
Updated: 2024-08-05T21:37:44.319Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18879 |
vulnerable | 2026-06-03 14:36:58.368874 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.
Published: 2020-06-19T18:08:42.000Z
Updated: 2024-08-05T21:37:44.451Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18878 |
vulnerable | 2026-06-03 14:36:58.368523 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.
Published: 2020-06-19T18:08:20.000Z
Updated: 2024-08-05T21:37:44.337Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18877 |
vulnerable | 2026-06-03 14:36:58.368158 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
Published: 2020-06-19T16:50:36.000Z
Updated: 2024-08-05T21:37:44.304Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18876 |
vulnerable | 2026-06-03 14:36:58.367784 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.
Published: 2020-06-19T16:50:02.000Z
Updated: 2024-08-05T21:37:44.312Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18875 |
vulnerable | 2026-06-03 14:36:58.367394 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.
Published: 2020-06-19T16:47:13.000Z
Updated: 2024-08-05T21:37:44.306Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18874 |
vulnerable | 2026-06-03 14:36:58.366990 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
Published: 2020-06-19T18:07:29.000Z
Updated: 2024-08-05T21:37:44.316Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18873 |
vulnerable | 2026-06-03 14:36:58.364979 |
Details available
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.
Published: 2020-06-19T17:44:12.000Z
Updated: 2024-08-05T21:37:44.342Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.