Filter

Versions

9.5.0
19
4.2.0
18
4.3.0-rc1
18
4.3.0-rc2
18
4.3.0-rc3
18
4.3.0-rc4
18
8.1.0
15
5.7.0
14
9.2.0
14
5.8.0
11
7.10.0
11
7.8.0
11
7.9.0
11
8.0.0
11
4.1.0
10
5.9.0-rc1
10
5.9.0-rc2
10
5.9.0-rc3
10
5.9.0-rc4
10
3.7.0
9
4.2.0-rc1
9
4.2.0-rc2
9
4.2.0-rc3
9
4.2.0-rc4
9
9.0.0
9
3.8.0
8
8.1.5
8
9.3.0
8
9.4.0
8
9.9.0
8
9.2.1
7
3.10.0
6
5.16.0
6
9.10.0
6
9.11.0
6
5.15.0
5
5.17.0
5
5.6.0
5
6.4.0
5
7.8.14
5
9.0.3
5
9.1.1
5
9.1.2
5
9.8.0
5
4.6.0
4
5.0.0
4
5.18.0-rc1
4
5.18.0-rc2
4
5.18.0-rc3
4
5.18.0-rc4
4
6.2.0
4
6.3.0
4
7.7.1
4
8.1.7
4
9.1.0
4
3.6.0
3
4.0.0
3
4.4.0
3
5.12.0
3
5.5.0
3
6.6.0
3
9.7.0
3
10.0.0
2
10.0.0-rc1
2
10.0.0-rc2
2
10.0.0-rc3
2
10.0.0-rc4
2
4.10.0
2
4.5.0-rc1
2
4.5.0-rc2
2
4.5.0-rc3
2
4.5.0-rc4
2
4.7.0
2
4.7.0-rc1
2
4.7.0-rc2
2
4.7.0-rc3
2
4.7.0-rc4
2
4.8.0
2
5.1.0
2
5.2.0-rc1
2
5.2.0-rc2
2
5.2.0-rc3
2
5.2.0-rc4
2
5.2.0-rc5
2
5.2.0-rc6
2
5.37.0
2
5.7.0-rc1
2
5.7.0-rc2
2
5.7.0-rc3
2
5.7.0-rc4
2
5.7.0-rc5
2
5.7.0-rc6
2
5.8.0-rc1
2
5.8.0-rc2
2
5.8.0-rc3
2
5.8.0-rc4
2
5.9.0
2
6.0
2
6.0.0
2
6.7.0
2
9.11.0-rc1
2
9.11.0-rc2
2
9.11.0-rc3
2
4.3.0
1
4.9.0
1
5.1.0-rc1
1
5.1.0-rc2
1
5.1.0-rc3
1
5.1.0-rc4
1
5.10.0
1
5.10.0-rc1
1
5.10.0-rc2
1
5.10.0-rc3
1
5.10.0-rc4
1
5.10.0-rc5
1
5.10.0-rc6
1
5.11.0
1
5.12.0-rc1
1
5.12.0-rc2
1
5.12.0-rc3
1
5.12.0-rc4
1
5.12.0-rc5
1
5.12.0-rc6
1
5.13.0
1
5.14.0
1
5.14.0-rc1
1
5.14.0-rc2
1
5.14.0-rc3
1
5.14.0-rc4
1
5.14.0-rc5
1
5.18.0
1
5.19.0-rc1
1
5.19.0-rc2
1
5.19.0-rc3
1
5.2.0
1
5.32.0
1
6.5.0
1
6.6.1
1
7.2.0
1
9.1.4
1
9.10.2
1
9.11.1
1
9.2.3
1
9.5.9
1

Mattermost Mattermost ServerResource Exhaustion via the Invitation Feature

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-28053

Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs

medium
5.3
EPSS
0.05%
First published (updated )
CVE-2023-6459

go/github.com/mattermost/mattermost/server/v8Invite ID available to team admins even without the "Add Members" permission

medium
4.7
EPSS
0.04%
First published (updated )
CVE-2024-29221

go/github.com/mattermost/mattermost/server/v8Users maintain access to active call after being removed from a channel

low
3.1
First published (updated )
CVE-2024-21848

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li…

medium
4.3
First published (updated )
CVE-2024-1953

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/mattermost/mattermost/server/v8Infoleak, Race Condition

low
2.6
First published (updated )
CVE-2024-1949

Mattermost Mattermost ServerReflected XSS in Mattermost Jira plugin

medium
6.1
First published (updated )
CVE-2024-2445

go/github.com/mattermost/mattermost/server/v8Infoleak

medium
4.3
First published (updated )
CVE-2024-1952

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata …

medium
4.3
First published (updated )
CVE-2024-1942

Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…

medium
4.3
First published (updated )
CVE-2024-2446

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…

high
8.8
First published (updated )
CVE-2024-2450

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.…

medium
6.5
First published (updated )
CVE-2024-2447

go/github.com/mattermost/mattermost/server/v8DoS via a large number of User Preferences

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-28949

Mattermost Mattermost ServerStack overflow in SAML login in Mattermost

high
7.5
First published (updated )
CVE-2022-0903

Mattermost Mattermost ServerStack overflow in document extractor in Mattermost

medium
6.5
First published (updated )
CVE-2022-0904

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Mattermost Mattermost ServerOOM DoS in Mattermost image proxy

medium
6.5
First published (updated )
CVE-2022-1337

Mattermost Mattermost ServerRestricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents

medium
4.3
First published (updated )
CVE-2022-1332

Mattermost Mattermost ServerInvitation Email is resent as a Reminder after invalidating pending email invites

medium
5.8
First published (updated )
CVE-2022-1385

Mattermost Mattermost ServerAuthorized users are allowed to install old plugin versions from the Marketplace

high
8.8
First published (updated )
CVE-2022-1384

Mattermost Mattermost ServerA crafted SVG attachment can crash a Mattermost server

medium
6.5
First published (updated )
CVE-2022-1982

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Mattermost Mattermost ServerIncorrect defaults can cause attackers to bypass rate limitations

medium
5.6
First published (updated )
CVE-2022-2366

Mattermost Mattermost ServerTeam members could access sensitive information of other users via an API call

medium
6.5
First published (updated )
CVE-2022-2401

Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted JPEG file

medium
6.5
First published (updated )
CVE-2022-3147

Mattermost Mattermost ServerServer-side Denial of Service while processing a specifically crafted GIF file

medium
6.5
First published (updated )
CVE-2022-3257

Mattermost Mattermost ServerDisclosure of team owner email address when regenerating Invite ID

low
2.7
First published (updated )
CVE-2023-27265

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Mattermost Mattermost ServerDisclosure of team owner email address when when accessing the teams API

low
2.7
First published (updated )
CVE-2023-27266

Mattermost Mattermost ServerReflected XSS in OAuth flow completion endpoints

medium
6.1
First published (updated )
CVE-2023-1421

Mattermost Mattermost ServerUnauthorized email invite to a private channel

medium
5.4
First published (updated )
CVE-2023-1774

Mattermost Mattermost ServerUnsanitized events sent over Websocket to regular users in a High Availability environment

medium
6.5
First published (updated )
CVE-2023-1775

Mattermost Mattermost ServerStored XSS via SVG attachment on Boards

high
7.3
First published (updated )
CVE-2023-1776

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203