| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-3584 | Member can create team with team override scheme | Mattermost | Mattermost | Low | 3.1 | 2023-07-17 15:23:03 | Deep Dive |
| CVE-2023-3582 | Lack of channel membership check when linking a board to a channel | Mattermost | Mattermost | Medium | 4.3 | 2023-07-17 15:21:35 | Deep Dive |
| CVE-2023-3581 | WebSockets accept connections from HTTPS origin | Mattermost | Mattermost | Medium | 6.2 | 2023-07-17 15:20:00 | Deep Dive |
| CVE-2023-3577 | Limited blind SSRF to localhost/intranet in interactive dialog implementation | Mattermost | Mattermost | Low | 3.5 | 2023-07-17 15:18:08 | Deep Dive |
| CVE-2023-2785 | Specially crafted search query can cause large log entries in postgres | Mattermost | Mattermost | Medium | 4.3 | 2023-06-16 09:07:28 | Deep Dive |
| CVE-2023-2831 | Denial of Service while unescaping a Markdown string | Mattermost | Mattermost | Medium | 4.3 | 2023-06-16 09:06:15 | Deep Dive |
| CVE-2023-2797 | Path traversal in GitHub plugin's code preview feature | Mattermost | Mattermost Github Plugin | Low | 3.1 | 2023-06-16 09:03:18 | Deep Dive |
| CVE-2023-2793 | Stack exhaustion in PreparePostForClientWithEmbedsAndImages | Mattermost | Mattermost | Medium | 6.5 | 2023-06-16 09:02:35 | Deep Dive |
| CVE-2023-2792 | Ephemeral messages return private channel contents in permalink previews | Mattermost | Mattermost | Medium | 6.5 | 2023-06-16 09:01:44 | Deep Dive |
| CVE-2023-2791 | Playbooks lets you edit arbitrary posts | Mattermost | Mattermost | Medium | 4.3 | 2023-06-16 08:59:17 | Deep Dive |
| CVE-2023-2788 | Deactivated user can retain access using OAuth2 API | Mattermost | Mattermost | Medium | 6.2 | 2023-06-16 08:58:15 | Deep Dive |
| CVE-2023-2787 | Collapsed Reply Threads APIs leak message contents from private channels | Mattermost | Mattermost | Medium | 6.5 | 2023-06-16 08:55:39 | Deep Dive |
| CVE-2023-2786 | Channel commands execution doesn't properly verify permissions | Mattermost | Mattermost | Medium | 4.3 | 2023-06-16 08:43:50 | Deep Dive |
| CVE-2023-2784 | Apps Framework allows install requests from regular members via an internal path | Mattermost | Mattermost App Framework | Medium | 4.2 | 2023-06-16 08:41:59 | Deep Dive |
| CVE-2023-2783 | App Framework does not check for the secret provided in the incoming webhook request | Mattermost | Mattermost App Framework | Medium | 4.3 | 2023-06-16 08:39:26 | Deep Dive |
| CVE-2023-2808 | Lack of URL normalization allows rendering previews for disallowed domains | Mattermost | Mattermost | Medium | 4.3 | 2023-05-29 09:07:35 | Deep Dive |
| CVE-2023-2514 | DB username/password revealed in application logs | Mattermost | Mattermost | Medium | 6.7 | 2023-05-12 08:56:56 | Deep Dive |
| CVE-2023-2515 | Privilege escalation to system admin via personal access tokens | Mattermost | Mattermost | Medium | 4.7 | 2023-05-12 08:53:44 | Deep Dive |
| CVE-2023-2000 | Unrestricted navigation due to unvalidated Mattermost server redirection | Mattermost | Mattermost | Medium | 5.4 | 2023-05-02 08:57:39 | Deep Dive |
| CVE-2023-2281 | Archiving a team broadcasts unsanitized data over WebSockets | Mattermost | Mattermost | Low | 3.1 | 2023-04-25 13:04:42 | Deep Dive |