Mattermost Server 4.3.0 Release Candidate 3
cpe:2.3:a:mattermost:mattermost_server:4.3.0:rc3:*:*:*:*:*:*
part: a version: 4.3.0 update: rc3
| Vendor | Mattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc) |
|---|---|
| Product | Mattermost Server (657bc445-594e-5ca1-a676-4f18538f1c02) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/mattermost/mattermost-server | purl2cpe | 2026-06-01 10:18:19.892205 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2017-18890 | vulnerable | 2026-06-03 14:36:58.372960 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request. Published: 2020-06-19T18:08:53.000Z. Updated: 2024-08-05T21:37:44.382Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18889 | vulnerable | 2026-06-03 14:36:58.372608 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. Published: 2020-06-19T18:08:54.000Z. Updated: 2024-08-05T21:37:44.306Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18888 | vulnerable | 2026-06-03 14:36:58.372251 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts. Published: 2020-06-19T18:10:58.000Z. Updated: 2024-08-05T21:37:44.299Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18887 | vulnerable | 2026-06-03 14:36:58.371879 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members. Published: 2020-06-19T18:10:59.000Z. Updated: 2024-08-05T21:37:44.311Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18886 | vulnerable | 2026-06-03 14:36:58.371519 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands. Published: 2020-06-19T18:43:16.000Z. Updated: 2024-08-05T21:37:44.295Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18885 | vulnerable | 2026-06-03 14:36:58.371164 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf. Published: 2020-06-19T18:10:29.000Z. Updated: 2024-08-05T21:37:44.292Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18884 | vulnerable | 2026-06-03 14:36:58.370800 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. Published: 2020-06-19T18:08:48.000Z. Updated: 2024-08-05T21:37:44.307Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18883 | vulnerable | 2026-06-03 14:36:58.370421 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data. Published: 2020-06-19T18:08:47.000Z. Updated: 2024-08-05T21:37:44.337Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18882 | vulnerable | 2026-06-03 14:36:58.369977 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data. Published: 2020-06-19T18:08:46.000Z. Updated: 2024-08-05T21:37:44.343Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18881 | vulnerable | 2026-06-03 14:36:58.369615 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command. Published: 2020-06-19T18:08:44.000Z. Updated: 2024-08-05T21:37:44.347Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18880 | vulnerable | 2026-06-03 14:36:58.369261 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment. Published: 2020-06-19T18:42:54.000Z. Updated: 2024-08-05T21:37:44.319Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18879 | vulnerable | 2026-06-03 14:36:58.368908 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. Published: 2020-06-19T18:08:42.000Z. Updated: 2024-08-05T21:37:44.451Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18878 | vulnerable | 2026-06-03 14:36:58.368557 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session. Published: 2020-06-19T18:08:20.000Z. Updated: 2024-08-05T21:37:44.337Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18877 | vulnerable | 2026-06-03 14:36:58.368193 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. Published: 2020-06-19T16:50:36.000Z. Updated: 2024-08-05T21:37:44.304Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18876 | vulnerable | 2026-06-03 14:36:58.367819 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file. Published: 2020-06-19T16:50:02.000Z. Updated: 2024-08-05T21:37:44.312Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18875 | vulnerable | 2026-06-03 14:36:58.367431 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files. Published: 2020-06-19T16:47:13.000Z. Updated: 2024-08-05T21:37:44.306Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18874 | vulnerable | 2026-06-03 14:36:58.367029 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. Published: 2020-06-19T18:07:29.000Z. Updated: 2024-08-05T21:37:44.316Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-18873 | vulnerable | 2026-06-03 14:36:58.366040 | An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. Published: 2020-06-19T17:44:12.000Z. Updated: 2024-08-05T21:37:44.342Z | Imported from gcve-enriched-dumps CVE data |