| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-5160 | Full name disclosure via team top membership with Show Full Name option disabled | Mattermost | Mattermost | Medium | 4.3 | 2023-10-02 10:46:33 | Deep Dive |
| CVE-2023-5194 | A system/user manager can demote / deactivate another manager | Mattermost | Mattermost | Low | 2.7 | 2023-09-29 09:28:51 | Deep Dive |
| CVE-2023-5195 | A team member can soft delete other teams that they are not part of | Mattermost | Mattermost | Medium | 6.5 | 2023-09-29 09:25:59 | Deep Dive |
| CVE-2023-5193 | System Role with manage posts permission can read posts of Direct Messages | Mattermost | Mattermost | Medium | 4.9 | 2023-09-29 09:23:47 | Deep Dive |
| CVE-2023-5196 | DoS via Channel Notification Properties | Mattermost | Mattermost | Medium | 6.5 | 2023-09-29 09:22:36 | Deep Dive |
| CVE-2023-5159 | A User Manager role with user edit permissions could manage/update bots | Mattermost | Mattermost | Low | 3.8 | 2023-09-29 09:21:38 | Deep Dive |
| CVE-2023-4478 | Parameter tampering during registration allows blocked accounts to be created | Mattermost | Mattermost | Medium | 4.3 | 2023-08-25 09:06:06 | Deep Dive |
| CVE-2023-4108 | Audit logging fails to sanitize post metadata | Mattermost | Mattermost | Medium | 4.5 | 2023-08-11 06:12:34 | Deep Dive |
| CVE-2023-4107 | Incorrect authorization allows a user manager to update a system admin | Mattermost | Mattermost | Medium | 6.7 | 2023-08-11 06:12:22 | Deep Dive |
| CVE-2023-4106 | A guest user can perform various actions on public playbooks | Mattermost | Mattermost | Medium | 6.3 | 2023-08-11 06:12:11 | Deep Dive |
| CVE-2023-4105 | Attachment of deleted message in a thread remains accessible and downloadable | Mattermost | Mattermost | Low | 3.1 | 2023-08-11 06:11:57 | Deep Dive |
| CVE-2023-3593 | Server crash via a specially crafted markdown input | Mattermost | Mattermost | Medium | 4.3 | 2023-07-17 15:38:58 | Deep Dive |
| CVE-2023-3615 | Lack of server certificate validation in WebSocket connection | Mattermost | Mattermost iOS app | High | 8.1 | 2023-07-17 15:33:26 | Deep Dive |
| CVE-2023-3614 | Denial of Service via specially crafted gif image | Mattermost | Mattermost | Medium | 4.3 | 2023-07-17 15:32:17 | Deep Dive |
| CVE-2023-3613 | Guest accounts invited and added to channels by Welcomebot plugin | Mattermost | Mattermost Plugins | Low | 3.5 | 2023-07-17 15:31:24 | Deep Dive |
| CVE-2023-3591 | Previous password reset tokens not invalidated on new token creation | Mattermost | Mattermost | Medium | 4.8 | 2023-07-17 15:30:05 | Deep Dive |
| CVE-2023-3590 | Deleted attachments in Boards remain accessible | Mattermost | Mattermost | Low | 3.1 | 2023-07-17 15:28:51 | Deep Dive |
| CVE-2023-3587 | Inconsistent state in UI after boards permission change by system admin | Mattermost | Mattermost | Low | 2.7 | 2023-07-17 15:26:52 | Deep Dive |
| CVE-2023-3586 | Disabling publicly-shared boards does not disable existing publicly available board links | Mattermost | Mattermost | Medium | 4.2 | 2023-07-17 15:25:31 | Deep Dive |
| CVE-2023-3585 | Channel DoS by sharing a Boards link | Mattermost | Mattermost | Medium | 4.3 | 2023-07-17 15:24:21 | Deep Dive |
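A triage helper for the table above, added here as an example and not part of this corpus page or of Mattermost's own tooling. It parses the markdown rows, checks that each row's severity label agrees with the CVSS v3.x qualitative rating scale (None 0.0, Low 0.1 to 3.9, Medium 4.0 to 6.9, High 7.0 to 8.9, Critical 9.0 to 10.0; the page does not state the CVSS version, so v3.x is an assumption), validates CVE identifier syntax, and orders the entries for review by score. The `TABLE` string is a copy of the page's rows embedded as inline input so the script runs offline; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed input: the advisory rows from the table above, embedded verbatim.
TABLE = """
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-5160 | Full name disclosure via team top membership with Show Full Name option disabled | Mattermost | Mattermost | Medium | 4.3 | 2023-10-02 10:46:33 | Deep Dive |
| CVE-2023-5194 | A system/user manager can demote / deactivate another manager | Mattermost | Mattermost | Low | 2.7 | 2023-09-29 09:28:51 | Deep Dive |
| CVE-2023-5195 | A team member can soft delete other teams that they are not part of | Mattermost | Mattermost | Medium | 6.5 | 2023-09-29 09:25:59 | Deep Dive |
| CVE-2023-5193 | System Role with manage posts permission can read posts of Direct Messages | Mattermost | Mattermost | Medium | 4.9 | 2023-09-29 09:23:47 | Deep Dive |
| CVE-2023-5196 | DoS via Channel Notification Properties | Mattermost | Mattermost | Medium | 6.5 | 2023-09-29 09:22:36 | Deep Dive |
| CVE-2023-5159 | A User Manager role with user edit permissions could manage/update bots | Mattermost | Mattermost | Low | 3.8 | 2023-09-29 09:21:38 | Deep Dive |
| CVE-2023-4478 | Parameter tampering during registration allows blocked accounts to be created | Mattermost | Mattermost | Medium | 4.3 | 2023-08-25 09:06:06 | Deep Dive |
| CVE-2023-4108 | Audit logging fails to sanitize post metadata | Mattermost | Mattermost | Medium | 4.5 | 2023-08-11 06:12:34 | Deep Dive |
| CVE-2023-4107 | Incorrect authorization allows a user manager to update a system admin | Mattermost | Mattermost | Medium | 6.7 | 2023-08-11 06:12:22 | Deep Dive |
| CVE-2023-4106 | A guest user can perform various actions on public playbooks | Mattermost | Mattermost | Medium | 6.3 | 2023-08-11 06:12:11 | Deep Dive |
| CVE-2023-4105 | Attachment of deleted message in a thread remains accessible and downloadable | Mattermost | Mattermost | Low | 3.1 | 2023-08-11 06:11:57 | Deep Dive |
| CVE-2023-3593 | Server crash via a specially crafted markdown input | Mattermost | Mattermost | Medium | 4.3 | 2023-07-17 15:38:58 | Deep Dive |
| CVE-2023-3615 | Lack of server certificate validation in WebSocket connection | Mattermost | Mattermost iOS app | High | 8.1 | 2023-07-17 15:33:26 | Deep Dive |
| CVE-2023-3614 | Denial of Service via specially crafted gif image | Mattermost | Mattermost | Medium | 4.3 | 2023-07-17 15:32:17 | Deep Dive |
| CVE-2023-3613 | Guest accounts invited and added to channels by Welcomebot plugin | Mattermost | Mattermost Plugins | Low | 3.5 | 2023-07-17 15:31:24 | Deep Dive |
| CVE-2023-3591 | Previous password reset tokens not invalidated on new token creation | Mattermost | Mattermost | Medium | 4.8 | 2023-07-17 15:30:05 | Deep Dive |
| CVE-2023-3590 | Deleted attachments in Boards remain accessible | Mattermost | Mattermost | Low | 3.1 | 2023-07-17 15:28:51 | Deep Dive |
| CVE-2023-3587 | Inconsistent state in UI after boards permission change by system admin | Mattermost | Mattermost | Low | 2.7 | 2023-07-17 15:26:52 | Deep Dive |
| CVE-2023-3586 | Disabling publicly-shared boards does not disable existing publicly available board links | Mattermost | Mattermost | Medium | 4.2 | 2023-07-17 15:25:31 | Deep Dive |
| CVE-2023-3585 | Channel DoS by sharing a Boards link | Mattermost | Mattermost | Medium | 4.3 | 2023-07-17 15:24:21 | Deep Dive |
"""

CVE_ID_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    product: str
    severity: str
    cvss: float
    published: str


def severity_from_cvss(score: float) -> str:
    """CVSS v3.x qualitative rating scale (assumed; the page gives no CVSS version)."""
    if score == 0.0:
        return "None"
    if score <= 3.9:
        return "Low"
    if score <= 6.9:
        return "Medium"
    if score <= 8.9:
        return "High"
    return "Critical"


def parse_rows(table: str) -> List[Advisory]:
    """Parse markdown table rows; header and separator rows are skipped."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 7 or not CVE_ID_RE.fullmatch(cells[0]):
            continue
        rows.append(Advisory(cve=cells[0], title=cells[1], product=cells[3],
                             severity=cells[4], cvss=float(cells[5]), published=cells[6]))
    return rows


def check_severity_labels(rows: List[Advisory]) -> List[Tuple[str, str, str]]:
    """Return (cve, label on page, label implied by score) for every mismatch."""
    return [(r.cve, r.severity, severity_from_cvss(r.cvss))
            for r in rows if r.severity != severity_from_cvss(r.cvss)]


def triage_order(rows: List[Advisory]) -> List[str]:
    """Highest CVSS first; ties broken by earliest publication (oldest exposure)."""
    return [r.cve for r in sorted(rows, key=lambda r: (-r.cvss, r.published))]


if __name__ == "__main__":
    advisories = parse_rows(TABLE)
    print(f"{len(advisories)} advisories parsed")
    for cve, on_page, implied in check_severity_labels(advisories):
        print(f"label mismatch: {cve} page={on_page} cvss-implied={implied}")
    print("review order:", ", ".join(triage_order(advisories)))
```

For this table the label check comes back clean; in a corpus that mixes CVSS v2 and v3 scores (v2 "Medium" runs from 4.0 to 6.9 as well, but "High" starts at 7.0 and has no "Critical" band) the same check surfaces rows whose label came from a different scale than their score.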