CVE-2023-4106 – A guest user can perform various actions on public playbooks
https://notcve.org/view.php?id=CVE-2023-4106
Mattermost fails to check whether the requesting user is a guest before performing various actions on public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •
CVE-2023-4105 – Attachment of deleted message in a thread remains accessible and downloadable
https://notcve.org/view.php?id=CVE-2023-4105
Mattermost fails to delete the attachments when deleting a message in a thread, allowing an ordinary user to still access and download the attachment of a deleted message. • https://mattermost.com/security-updates • CWE-862: Missing Authorization •
CVE-2023-3593 – Server crash via a specially crafted markdown input
https://notcve.org/view.php?id=CVE-2023-3593
Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-3615 – Lack of server certificate validation in websockets connection
https://notcve.org/view.php?id=CVE-2023-3615
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection, allowing a network attacker to intercept the WebSockets connection. • https://mattermost.com/security-updates • CWE-295: Improper Certificate Validation •
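The failure class in CVE-2023-3615 is a client that does not verify the server certificate, so anyone on the network path can terminate TLS with a certificate of their own. The following is an added example and not code from the Mattermost iOS app (which is not written in Go); it shows the same misconfiguration and its fix in Go, the language of the Mattermost server. A local httptest server with a self-signed certificate stands in for an interception proxy, and the names newClient, probe and runScenarios are this example's own.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newClient returns an HTTPS client. insecure=true reproduces the bug class on
// this page (CWE-295): every server certificate is accepted, so whoever sits on
// the path can terminate TLS with their own certificate and read the traffic.
// A non-nil pool limits trust to those roots; nil falls back to the system roots.
func newClient(insecure bool, pool *x509.CertPool) *http.Client {
	return &http.Client{Transport: &http.Transport{
		DisableKeepAlives: true,
		TLSClientConfig: &tls.Config{
			MinVersion:         tls.VersionTLS12,
			InsecureSkipVerify: insecure, // the weak setting; never ship this as true
			RootCAs:            pool,
		},
	}}
}

// probe performs one GET and reports whether it succeeded and, if not, whether
// the failure was a certificate-verification error rather than something else.
func probe(c *http.Client, url string) (ok bool, certErr bool) {
	resp, err := c.Get(url)
	if err != nil {
		var unknownCA x509.UnknownAuthorityError
		var badHost x509.HostnameError
		var noRoots x509.SystemRootsError
		return false, errors.As(err, &unknownCA) || errors.As(err, &badHost) || errors.As(err, &noRoots)
	}
	resp.Body.Close()
	return true, false
}

// runScenarios starts a local TLS server with a self-signed certificate, which
// is exactly what an interception proxy would present, and exercises three
// client configurations against it (constructed scenario for this example).
func runScenarios() (insecureOK, strictRejected, pinnedOK bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "hello")
	}))
	defer srv.Close()

	// Validation disabled: the untrusted certificate is accepted (the bug).
	insecureOK, _ = probe(newClient(true, nil), srv.URL)

	// Default validation: the self-signed certificate is rejected (the fix).
	_, strictRejected = probe(newClient(false, nil), srv.URL)

	// Validation with the expected certificate pinned as the only trusted root:
	// the legitimate server is accepted and everything else is still rejected.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinnedOK, _ = probe(newClient(false, pool), srv.URL)
	return insecureOK, strictRejected, pinnedOK
}

func main() {
	insecureOK, strictRejected, pinnedOK := runScenarios()
	fmt.Printf("InsecureSkipVerify accepted untrusted cert: %v\n", insecureOK)
	fmt.Printf("default validation rejected it:            %v\n", strictRejected)
	fmt.Printf("pinned root accepted the real server:      %v\n", pinnedOK)
}
```

The third scenario is the one to aim for in a mobile client: keep full validation on and, where the server identity is known in advance, pin the expected root or leaf so that even a certificate issued by a trusted public CA for the wrong party is rejected.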
CVE-2023-3614 – Denial of Service via specially crafted gif image
https://notcve.org/view.php?id=CVE-2023-3614
Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time, by linking to a specially crafted image file. • https://mattermost.com/security-updates • CWE-400: Uncontrolled Resource Consumption •
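The general defence against CVE-2023-3614's bug class is to check what a GIF declares about itself before allocating anything for it. The following is an added example in Go (the Mattermost server's language), not Mattermost's actual fix; the byte and pixel limits are assumptions chosen for the example, the function names are its own, and both inputs are constructed inline: a tiny valid GIF encoded with the standard library and a bare header that declares a 65535x65535 logical screen.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	"image/color"
	"image/gif"
	"io"
)

// Limits used by this example; they are assumptions, not Mattermost's settings.
const (
	maxGIFBytes  = 8 << 20     // most input the server will read for one image
	maxGIFPixels = 4096 * 4096 // largest logical screen we are willing to decode
)

var ErrTooLarge = errors.New("gif: exceeds size limits")

// decodeGIFPreview validates a GIF before committing resources to it:
//  1. cap the bytes read so a slow or endless stream cannot tie up the worker;
//  2. gif.DecodeConfig parses only the 13-byte header (plus an optional global
//     palette), so the declared logical-screen area can be checked before any
//     frame buffer is allocated;
//  3. decode only the first frame with gif.Decode; a preview does not need the
//     animation, and this allocates one image bounded by the area just checked.
func decodeGIFPreview(r io.Reader) (image.Image, error) {
	data, err := io.ReadAll(io.LimitReader(r, maxGIFBytes+1))
	if err != nil {
		return nil, err
	}
	if len(data) > maxGIFBytes {
		return nil, ErrTooLarge
	}
	cfg, err := gif.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return nil, err
	}
	if cfg.Width <= 0 || cfg.Height <= 0 ||
		int64(cfg.Width)*int64(cfg.Height) > maxGIFPixels {
		return nil, ErrTooLarge
	}
	return gif.Decode(bytes.NewReader(data))
}

// sampleGIF is a constructed 4x4 checkerboard, encoded with the standard library.
func sampleGIF() []byte {
	img := image.NewPaletted(image.Rect(0, 0, 4, 4), color.Palette{color.Black, color.White})
	for y := 0; y < 4; y++ {
		for x := 0; x < 4; x++ {
			img.SetColorIndex(x, y, uint8((x+y)%2))
		}
	}
	var buf bytes.Buffer
	if err := gif.Encode(&buf, img, nil); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// craftedGIF is a constructed header that declares a 65535x65535 logical screen
// (about 4 GiB per frame buffer) and no global palette; a decoder that trusts
// it would allocate the frame before discovering the file has no image data.
func craftedGIF() []byte {
	return []byte{
		'G', 'I', 'F', '8', '9', 'a',
		0xFF, 0xFF, // width  = 65535 (little-endian)
		0xFF, 0xFF, // height = 65535
		0x00,       // no global color table
		0x00, 0x00, // background index, pixel aspect ratio
	}
}

func main() {
	for name, data := range map[string][]byte{"sample": sampleGIF(), "crafted": craftedGIF()} {
		img, err := decodeGIFPreview(bytes.NewReader(data))
		if err != nil {
			fmt.Printf("%s: rejected: %v\n", name, err)
			continue
		}
		fmt.Printf("%s: decoded %dx%d\n", name, img.Bounds().Dx(), img.Bounds().Dy())
	}
}
```

Decoding only the first frame is a deliberate choice: gif.DecodeAll allocates every frame before returning, so with a full decode the byte cap is the only thing bounding frame count, and a few hundred bytes of LZW data can still describe a screen-sized frame. If the full animation is genuinely needed, decode it in a separate, time- and memory-limited worker rather than on the request path.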