Filter
AND
Versions
9.5.0
26
7.10.0
20
8.0.0
20
7.8.0
19
7.9.0
19
8.1.0
17
4.2.0
13
4.3.0-rc1
13
4.3.0-rc2
13
4.3.0-rc3
13
4.3.0-rc4
13
9.0.0
12
9.2.0
11
9.8.0
11
9.9.0
11
9.10.0
10
4.1.0
9
5.7.0
9
7.8.4
9
4.2.0-rc1
8
4.2.0-rc2
8
4.2.0-rc3
8
4.2.0-rc4
8
7.9.3
8
9.3.0
8
5.8.0
7
6.4.0
7
7.1.0
7
7.1.9
7
7.8.12
7
8.1.3
7
9.4.0
7
5.9.0-rc1
6
5.9.0-rc2
6
5.9.0-rc3
6
5.9.0-rc4
6
9.11.0
6
3.7.0
5
6.6.0
5
7.0.0
5
8.1.5
5
9.1.0
5
3.8.0
4
5.0.0
4
6.2.0
4
6.3.0
4
6.7.0
4
9.2.1
4
9.7.0
4
3.10.0
3
5.6.0
3
6.6.1
3
7.7.1
3
7.8.11
3
8.0.3
3
8.1.2
3
8.1.7
3
9.0.1
3
10.0.0
2
10.0.0-rc1
2
10.0.0-rc2
2
10.0.0-rc3
2
10.0.0-rc4
2
4.0.0
2
4.10.0
2
4.4.0
2
4.6.0
2
4.7.0
2
4.8.0
2
5.1.0
2
5.16.0
2
5.17.0
2
5.37.0
2
5.5.0
2
6.0
2
6.5.1
2
7.8.14
2
9.0.3
2
9.1.1
2
9.1.2
2
9.11.0-rc1
2
9.11.0-rc2
2
9.11.0-rc3
2
9.6.0
2
2.13.0
1
3.6.0
1
4.5.0-rc1
1
4.5.0-rc2
1
4.5.0-rc3
1
4.5.0-rc4
1
4.9.0
1
5.1.0-rc1
1
5.1.0-rc2
1
5.1.0-rc3
1
5.1.0-rc4
1
5.10.0-rc1
1
5.10.0-rc2
1
5.10.0-rc3
1
5.10.0-rc4
1
5.10.0-rc5
1
5.10.0-rc6
1
5.12.0
1
5.13.0
1
5.14.0-rc1
1
5.14.0-rc2
1
5.14.0-rc3
1
5.14.0-rc4
1
5.14.0-rc5
1
5.15.0
1
5.18.0
1
5.18.0-rc1
1
5.18.0-rc2
1
5.18.0-rc3
1
5.18.0-rc4
1
5.19.0-rc1
1
5.19.0-rc2
1
5.19.0-rc3
1
5.2.0
1
5.2.0-rc1
1
5.2.0-rc2
1
5.2.0-rc3
1
5.2.0-rc4
1
5.2.0-rc5
1
5.2.0-rc6
1
5.32.0
1
5.34.0
1
5.38
1
5.7.0-rc1
1
5.7.0-rc2
1
5.7.0-rc3
1
5.7.0-rc4
1
5.7.0-rc5
1
5.7.0-rc6
1
5.8.0-rc1
1
5.8.0-rc2
1
5.8.0-rc3
1
5.8.0-rc4
1
5.9.0
1
6.0.0
1
6.1
1
6.3.8
1
6.5.0
1
7.1.4
1
7.2.0
1
7.4.0
1
7.5.0
1
7.5.1
1
7.7.0
1
7.7.3
1
7.8.2
1
7.8.3
1
7.9.1
1
7.9.2
1
9.1.4
1
9.10.2
1
9.11.1
1
9.2.3
1
9.3.0-rc1
1
9.3.0-rc2
1
9.5.9
1
MattermostMobile crash via object that can't be cast to String in Attachment Field
6.5
EPSS
0.04%
First published (updated )
MattermostMobile crash via improper validation of proto style in attachments
6.5
EPSS
0.04%
First published (updated )
MattermostMobile crash via file with specially crafted filename
4.3
EPSS
0.04%
First published (updated )
MattermostInsufficient Input Validation on Post Props
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostImproper propagation of permission scheme updates across cluster nodes
4.6
First published (updated )
MattermostPrivate channel names leaking when Elasticsearch is enabled
4.3
First published (updated )
MattermostUnauthorized Access to view channels' details
4.3
First published (updated )
MattermostClient-Side Path Traversal Leading to CSRF in Playbooks
4.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostInsufficient Authorization On Unlinked Channel Files
4.3
EPSS
0.04%
First published (updated )
MattermostDoS via non-string message using permalink embed
6.5
First published (updated )
MattermostUnauthorized access on archived channels via file links
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/mattermost-desktopInsufficient Electron Fuses Configuration
6.5
First published (updated )
MattermostMobile password gets saved in dictionary under conditions
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insufficient permissions checks on teams
First published (updated )
go/github.com/mattermost/mattermost/server/v8Unauthorized channel file upload
4.3
First published (updated )
MattermostUser creation date manipulation in POST /api/v4/users
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostServer crash via Elasticsearch certificate file
4.9
First published (updated )
go/github.com/mattermost/mattermost/server/v8Email addresses of remote users visible in props regardless of server settings
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Munged email address used for password resets and notifications
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can claim that a user was synced from another remote
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Malicious remote can make an arbitrary local channel read-only
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Remote username set to an arbitrary string by remote user
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary channels
5.4
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary reactions on arbitrary posts
4.3
First published (updated )
MattermostSpoofed push notifications from malicious server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.