Filter
AND
MattermostReflected client side path traversal leading to CSRF in Playbooks
8.8
First published (updated )
MattermostPlaybook plugin crash via missing interface type assertion
7.5
First published (updated )
MattermostInaccessible Post Information Leak via Run Timeline IDOR
6.5
First published (updated )
MattermostIDOR when updating the tasks of a private playbook run
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostPublic endpoint /metrics of Calls plugin reveals channel IDs
5.3
EPSS
0.05%
First published (updated )
MattermostClient side path traversal due to lack of route parameters validation
9.8
EPSS
0.09%
First published (updated )
MattermostOpen redirect in /oauth/<service>/mobile_login?redirect_to=
6.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
4.3
EPSS
0.04%
First published (updated )
MattermostPermalink previews displayed for posts in archived channels even if users are disallowed to view archived channels
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostLog Flooding due to specially crafted requests in different endpoints
5.3
First published (updated )
MattermostDenial of Service via specially crafted block fields in Mattermost Boards
7.5
First published (updated )
MattermostDenial of Service via Board Import Zip Bomb
7.5
First published (updated )
MattermostUsers full name disclosure through Mattermost Boards with Show Full Name Option disabled
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostUsername and Icon override can be used by members when Hardened Mode is enabled
4.3
First published (updated )
MattermostDenial of Service via Link Preview in /api/v4/redirect_location
5.3
EPSS
0.05%
First published (updated )
MattermostPassword hash in response body after username update
4.9
EPSS
0.05%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Denial of Service via crashing the Calls Plugin
4.3
EPSS
0.04%
First published (updated )
MattermostDenial of Service via multiple identical User IDs in /api/v4/users/ids
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostFile Information Leak via IDOR in file_id in Draft Posts
5.3
First published (updated )
MattermostFull name disclosure via team top membership with Show Full Name option disabled
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8A system/user manager can demote / deactivate another manager
4.3
First published (updated )
MattermostA team member can soft delete other teams that they are not part of
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostSystem Role with manage posts permission can read posts of Direct Messages
4.9
First published (updated )
go/github.com/mattermost/mattermost/server/v8A User Manager role with user edit permissions could manage/update bots
3.8
First published (updated )
MattermostParameter tampering in the registration resulting in blocked accounts to be created
8.2
EPSS
0.05%
First published (updated )