Mattermost - HackerOne Reports
Total Reports: 20
Critical: 0
High: 3
Medium: 3
Low: 13
Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication
Reported by: annonmous | Disclosed: | Severity: Low
Weakness: Improper Restriction of Authentication Attempts
Invitation Email is resent as a Reminder after invalidating pending email invites
Reported by: mr_anksec | Disclosed: | Severity: Low
Weakness: Improper Access Control - Generic
Member role which doesn't have permission to send message can send by executing channel commands
Reported by: ramsakal7582 | Disclosed: | Severity: Medium
Weakness: Improper Access Control - Generic
Reflected XSS in OAuth complete endpoints
Reported by: zerodivisi0n | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $150.00
Privilege Escalation leading to post in channel without having privilege
Reported by: fuzzsqlb0f | Disclosed: | Severity: Low
Weakness: Privilege Escalation
Reset password link sent over unsecured http protocol
Reported by: uchihaluckycs | Disclosed: | Severity: High
Weakness: Improper Access Control - Generic
Bounty: $750.00
Posts sent via websockets aren't sanitized properly
Reported by: c0rydoras | Disclosed: | Severity: Low
Weakness: Improper Input Validation
Bounty: $150.00
DoS via Automatic Response Message
Reported by: vultza | Disclosed: | Severity: Medium
Weakness: Uncontrolled Resource Consumption
Specially crafted message request crashes the webapp for users who view the message
Reported by: thesecuritydev | Disclosed: | Severity: Low
Weakness: Uncontrolled Resource Consumption
Bounty: $150.00
DoS via large console messages
Reported by: thesecuritydev | Disclosed: | Severity: Low
Weakness: Uncontrolled Resource Consumption
Bounty: $150.00
HTML injection via invite members can lead to account takeover
Reported by: unnamedx | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic
Bypass Email Verification in Customer Portal
Reported by: 0dx | Disclosed: | Severity: Low
DOS: out of memory from gif through upload api
Reported by: catenacyber | Disclosed: | Severity: Low
Weakness: Uncontrolled Resource Consumption
Bounty: $150.00
DoS via Playbook
Reported by: vultza | Disclosed: | Severity: Medium
Weakness: Uncontrolled Resource Consumption
Mattermost Server OAuth Flow Cross-Site Scripting
Reported by: shielder | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $900.00
Persistent Arbitrary code execution in mattermost android
Reported by: hulkvision_ | Disclosed: | Severity: High
Weakness: Code Injection
[mattermost.com] CORS Misconfiguration leakage of admin users
Reported by: deb0con | Disclosed:
Weakness: Information Disclosure
ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT
Reported by: at11zt00 | Disclosed: | Severity: Low
Weakness: Violation of Secure Design Principles
Account takeover due to misconfiguration
Reported by: akashhamal0x01 | Disclosed: | Severity: Low
Weakness: Use of a Key Past its Expiration Date
Self XSS in Create New Workspace Screen
Reported by: unnamedx | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic