Filters
Versions
4.2.0
18
4.3.0-rc1
18
4.3.0-rc2
18
4.3.0-rc3
18
4.3.0-rc4
18
5.7.0
14
5.8.0
11
7.10.0
11
7.8.0
11
7.9.0
11
8.0.0
11
4.1.0
10
5.9.0-rc1
10
5.9.0-rc2
10
5.9.0-rc3
10
5.9.0-rc4
10
3.7.0
9
4.2.0-rc1
9
4.2.0-rc2
9
4.2.0-rc3
9
4.2.0-rc4
9
9.0.0
9
9.2.0
9
3.8.0
8
8.1.5
8
9.2.1
7
3.10.0
6
5.16.0
6
5.15.0
5
5.17.0
5
5.6.0
5
6.4.0
5
7.8.14
5
9.0.3
5
9.1.1
5
9.1.2
5
9.5.0
5
9.9.0
5
4.6.0
4
5.0.0
4
5.18.0-rc1
4
5.18.0-rc2
4
5.18.0-rc3
4
5.18.0-rc4
4
6.2.0
4
6.3.0
4
7.7.1
4
8.1.7
4
9.1.0
4
3.6.0
3
4.0.0
3
4.4.0
3
5.12.0
3
5.5.0
3
6.6.0
3
8.1.0
3
9.7.0
3
9.8.0
3
4.10.0
2
4.5.0-rc1
2
4.5.0-rc2
2
4.5.0-rc3
2
4.5.0-rc4
2
4.7.0
2
4.7.0-rc1
2
4.7.0-rc2
2
4.7.0-rc3
2
4.7.0-rc4
2
4.8.0
2
5.1.0
2
5.2.0-rc1
2
5.2.0-rc2
2
5.2.0-rc3
2
5.2.0-rc4
2
5.2.0-rc5
2
5.2.0-rc6
2
5.37.0
2
5.7.0-rc1
2
5.7.0-rc2
2
5.7.0-rc3
2
5.7.0-rc4
2
5.7.0-rc5
2
5.7.0-rc6
2
5.8.0-rc1
2
5.8.0-rc2
2
5.8.0-rc3
2
5.8.0-rc4
2
5.9.0
2
6.0
2
6.0.0
2
6.7.0
2
4.3.0
1
4.9.0
1
5.1.0-rc1
1
5.1.0-rc2
1
5.1.0-rc3
1
5.1.0-rc4
1
5.10.0
1
5.10.0-rc1
1
5.10.0-rc2
1
5.10.0-rc3
1
5.10.0-rc4
1
5.10.0-rc5
1
5.10.0-rc6
1
5.11.0
1
5.12.0-rc1
1
5.12.0-rc2
1
5.12.0-rc3
1
5.12.0-rc4
1
5.12.0-rc5
1
5.12.0-rc6
1
5.13.0
1
5.14.0
1
5.14.0-rc1
1
5.14.0-rc2
1
5.14.0-rc3
1
5.14.0-rc4
1
5.14.0-rc5
1
5.18.0
1
5.19.0-rc1
1
5.19.0-rc2
1
5.19.0-rc3
1
5.2.0
1
5.32.0
1
6.5.0
1
6.6.1
1
7.2.0
1
9.1.4
1
9.2.3
1
npm/mattermost-desktopInsufficient Electron Fuses Configuration
6.5
First published (updated )
npm/mattermost-desktopSilent Desktop Screenshot Capture
5.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can claim that a user was synced from another remote
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can make an arbitrary local channel read-only
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create/update/delete arbitrary posts in arbitrary channels
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Remote username set to an arbitrary string by remote user
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary channels
5.4
First published (updated )
go/github.com/mattermost/mattermost/server/v8Denial of service in mattermost mobile apps and server via emoji reactions
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Incorrect Authorization leads to Channel Member Count Leak
4.3
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost-plugin-jiraMissing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)
4.1
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerCSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)
3.5
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerDetails of archived public channels are leaked to members of another team
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Lack of restriction to manage group names for freshly demoted guests
4.3
First published (updated )
go/github.com/mattermost/mattermost-server/v6Keywords that trigger mentions are leaked to other users
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8XSS
6.1
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerLeak Inaccessible Playbook Information via Channel Action IDOR
4.3
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerReflected client side path traversal leading to CSRF in Playbooks
8.8
First published (updated )
Mattermost Mattermost ServerPlaybooks access/modification by removed team member
5.4
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerPlaybook plugin crash via missing interface type assertion
7.5
First published (updated )
Mattermost Mattermost ServerTodo plugin gets crashed and disabled by member
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerInaccessible Post Information Leak via Run Timeline IDOR
6.5
First published (updated )
Mattermost Mattermost ServerIDOR when updating the tasks of a private playbook run
4.3
First published (updated )
Mattermost Mattermost ServerPlaybook Plugin Crash via Run Checklist
7.5
First published (updated )
Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs
5.3
EPSS
0.05%
First published (updated )
Mattermost Mattermost ServerClient side path traversal due to lack of route parameters validation
9.8
EPSS
0.09%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerDenial of Service via multiple identical User IDs in /api/v4/users/ids
6.5
First published (updated )
Mattermost Mattermost ServerFile Information Leak via IDOR in file_id in Draft Posts
5.3
First published (updated )
Mattermost Mattermost ServerDenial of Service via Opengraph Data Cache
7.5
First published (updated )
Mattermost Mattermost ServerParameter tampering in the registration resulting in blocked accounts to be created
8.2
EPSS
0.05%
First published (updated )
Mattermost Mattermost ServerServer crash via a specially crafted markdown input
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerDenial of Service via specially crafted gif image
4.3
First published (updated )
Mattermost Mattermost ServerGuest accounts invited and added to channels by Welcomebot plugin
3.5
First published (updated )
Mattermost Mattermost ServerLack of previous password reset tokens on new token creation
8.2
First published (updated )
Mattermost Mattermost ServerDeleted attachments in Boards remain accessible
7.5
First published (updated )
Mattermost Mattermost ServerInconsistent state in UI after boards permission change by system admin
2.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerDisabling publicly-shared boards does not disable existing publicly available board links
5.4
First published (updated )
Mattermost Mattermost Serverchannel DoS by sharing a boards link
4.3
First published (updated )
Mattermost Mattermost ServerMember can create team with team override scheme
3.1
First published (updated )
Mattermost Mattermost ServerLack of channel membership check when linking a board to a channel
4.3
First published (updated )
Mattermost Mattermost ServerWebSockets accept connections from HTTPS origin
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerLimited blind SSRF to localhost/intranet in interactive dialog implementation
4.3
First published (updated )
Mattermost Mattermost ServerPrivilege escalation to system admin via personal access tokens
8.8
First published (updated )
Mattermost Mattermost ServerArchiving a team broadcasts unsanitized data over WebSockets
4.3
First published (updated )
Mattermost Mattermost ServerUser password logged in audit logs
7.5
First published (updated )
Mattermost Mattermost ServerInformation disclosure in linked message previews
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerStored XSS via SVG attachment on Boards
7.3
First published (updated )
Mattermost Mattermost ServerUnsanitized events sent over Websocket to regular users in a High Availability environment
6.5
First published (updated )
Mattermost Mattermost ServerUnauthorized email invite to a private channel
5.4
First published (updated )
Mattermost Mattermost ServerReflected XSS in OAuth flow completion endpoints
6.1
First published (updated )
Mattermost Mattermost ServerDisclosure of team owner email address when when accessing the teams API
2.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.