CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20889
https://notcve.org/view.php?id=CVE-2019-20889
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation. Se detectó un problema en Mattermost Server versiones anteriores a 5.7, 5.6.3, 5.5.2 y 4.10.5. Maneja inapropiadamente los permisos para la creación de tokens de acceso de usuario • https://mattermost.com/security-updates • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21248
https://notcve.org/view.php?id=CVE-2018-21248
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. Se detectó un problema en Mattermost Server versiones anteriores a 5.4.0. Maneja inapropiadamente una posesión de credenciales de autenticación superfluas • https://mattermost.com/security-updates • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20888
https://notcve.org/view.php?id=CVE-2019-20888
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration. Se detectó un problema en Mattermost Server versiones anteriores a 5.7, 5.6.3, 5.5.2 y 4.10.5. Permite a atacantes causar una denegación de servicio (consumo de la memoria) por medio de un webhook saliente o una integración de comando de barra diagonal • https://mattermost.com/security-updates • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20886
https://notcve.org/view.php?id=CVE-2019-20886
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. Se detectó un problema en Mattermost Server versiones anteriores a 5.8.0. El primer usuario es a veces inadvertidamente un administrador del sistema • https://mattermost.com/security-updates • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21258
https://notcve.org/view.php?id=CVE-2018-21258
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. Se detectó un problema en Mattermost Server versiones anteriores a 5.1. Permite a atacantes causar una denegación de servicio por medio del comando de barra diagonal invite_people • https://mattermost.com/security-updates • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •