Filters
Versions
4.2.0
13
4.3.0-rc1
13
4.3.0-rc2
13
4.3.0-rc3
13
4.3.0-rc4
13
4.1.0
9
5.7.0
9
4.2.0-rc1
8
4.2.0-rc2
8
4.2.0-rc3
8
4.2.0-rc4
8
5.8.0
7
9.5.0
7
5.9.0-rc1
6
5.9.0-rc2
6
5.9.0-rc3
6
5.9.0-rc4
6
7.10.0
6
9.2.0
6
3.7.0
5
6.4.0
5
7.8.0
5
7.9.0
5
8.0.0
5
8.1.5
5
9.0.0
5
3.8.0
4
5.0.0
4
9.2.1
4
9.9.0
4
3.10.0
3
5.6.0
3
6.2.0
3
6.3.0
3
6.6.0
3
7.7.1
3
8.1.7
3
4.0.0
2
4.10.0
2
4.4.0
2
4.6.0
2
4.7.0
2
4.8.0
2
5.1.0
2
5.16.0
2
5.17.0
2
5.37.0
2
5.5.0
2
6.0
2
6.7.0
2
7.8.14
2
8.1.0
2
9.0.3
2
9.1.0
2
9.1.1
2
9.1.2
2
9.7.0
2
9.8.0
2
3.6.0
1
4.5.0-rc1
1
4.5.0-rc2
1
4.5.0-rc3
1
4.5.0-rc4
1
4.9.0
1
5.1.0-rc1
1
5.1.0-rc2
1
5.1.0-rc3
1
5.1.0-rc4
1
5.10.0-rc1
1
5.10.0-rc2
1
5.10.0-rc3
1
5.10.0-rc4
1
5.10.0-rc5
1
5.10.0-rc6
1
5.12.0
1
5.13.0
1
5.14.0-rc1
1
5.14.0-rc2
1
5.14.0-rc3
1
5.14.0-rc4
1
5.14.0-rc5
1
5.15.0
1
5.18.0
1
5.18.0-rc1
1
5.18.0-rc2
1
5.18.0-rc3
1
5.18.0-rc4
1
5.19.0-rc1
1
5.19.0-rc2
1
5.19.0-rc3
1
5.2.0
1
5.2.0-rc1
1
5.2.0-rc2
1
5.2.0-rc3
1
5.2.0-rc4
1
5.2.0-rc5
1
5.2.0-rc6
1
5.32.0
1
5.7.0-rc1
1
5.7.0-rc2
1
5.7.0-rc3
1
5.7.0-rc4
1
5.7.0-rc5
1
5.7.0-rc6
1
5.8.0-rc1
1
5.8.0-rc2
1
5.8.0-rc3
1
5.8.0-rc4
1
5.9.0
1
6.0.0
1
6.5.0
1
6.6.1
1
9.1.4
1
9.11.0
1
9.11.0-rc1
1
9.11.0-rc2
1
9.11.0-rc3
1
9.2.3
1
Mattermost Mattermost ServerDoS via non-string message using permalink embed
6.5
First published (updated )
Mattermost Mattermost ServerUnauthorized access on archived channels via file links
4.3
First published (updated )
npm/mattermost-desktopInsufficient Electron Fuses Configuration
6.5
First published (updated )
npm/mattermost-desktopSilent Desktop Screenshot Capture
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Malicious remote can claim that a user was synced from another remote
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can make an arbitrary local channel read-only
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Remote username set to an arbitrary string by remote user
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary channels
5.4
First published (updated )
go/github.com/mattermost/mattermost/server/v8Denial of service in mattermost mobile apps and server via emoji reactions
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Incorrect Authorization leads to Channel Member Count Leak
4.3
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost-plugin-jiraMissing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)
4.1
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerDetails of archived public channels are leaked to members of another team
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Lack of restriction to manage group names for freshly demoted guests
4.3
First published (updated )
go/github.com/mattermost/mattermost-server/v6Keywords that trigger mentions are leaked to other users
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8XSS
6.1
EPSS
0.05%
First published (updated )
Mattermost Mattermost ServerLeak Inaccessible Playbook Information via Channel Action IDOR
4.3
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerPlaybooks access/modification by removed team member
5.4
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerTodo plugin gets crashed and disabled by member
6.5
First published (updated )
Mattermost Mattermost ServerInaccessible Post Information Leak via Run Timeline IDOR
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerIDOR when updating the tasks of a private playbook run
4.3
First published (updated )
Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs
5.3
EPSS
0.05%
First published (updated )
Mattermost Mattermost ServerDenial of Service via multiple identical User IDs in /api/v4/users/ids
6.5
First published (updated )
Mattermost Mattermost ServerFile Information Leak via IDOR in file_id in Draft Posts
5.3
First published (updated )
Mattermost Mattermost ServerServer crash via a specially crafted markdown input
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerDenial of Service via specially crafted gif image
4.3
First published (updated )
Mattermost Mattermost ServerDisabling publicly-shared boards does not disable existing publicly available board links
5.4
First published (updated )
Mattermost Mattermost Serverchannel DoS by sharing a boards link
4.3
First published (updated )
Mattermost Mattermost ServerLack of channel membership check when linking a board to a channel
4.3
First published (updated )
Mattermost Mattermost ServerLimited blind SSRF to localhost/intranet in interactive dialog implementation
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerArchiving a team broadcasts unsanitized data over WebSockets
4.3
First published (updated )
Mattermost Mattermost ServerInformation disclosure in linked message previews
6.5
First published (updated )
Mattermost Mattermost ServerUnsanitized events sent over Websocket to regular users in a High Availability environment
6.5
First published (updated )
Mattermost Mattermost ServerUnauthorized email invite to a private channel
5.4
First published (updated )
Mattermost Mattermost ServerReflected XSS in OAuth flow completion endpoints
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted GIF file
6.5
First published (updated )
Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted JPEG file
6.5
First published (updated )
Mattermost Mattermost ServerTeam members could access sensitive information of other users via an API call
6.5
First published (updated )
Mattermost Mattermost ServerIncorrect defaults can cause attackers to bypass rate limitations
5.6
First published (updated )
Mattermost Mattermost ServerA crafted SVG attachment can crash a Mattermost server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerInvitation Email is resent as a Reminder after invalidating pending email invites
5.8
First published (updated )
Mattermost Mattermost ServerRestricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents
4.3
First published (updated )
Mattermost Mattermost ServerOOM DoS in Mattermost image proxy
6.5
First published (updated )
Mattermost Mattermost ServerStack overflow in document extractor in Mattermost
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerMattermost 6.0 and earlier fails to sufficiently validate the email address during registration, whi…
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.