Filter

Mattermost Mattermost ServerPrivate channel names leaking when Elasticsearch is enabled

First published (updated )

Mattermost Mattermost ServerMFA Code Replay

First published (updated )

Mattermost Mattermost ServerUnauthorized Access to view channels' details

First published (updated )

Mattermost Mattermost ServerClient-Side Path Traversal Leading to CSRF in Playbooks

First published (updated )

Mattermost MattermostIncorrect Session Creation with Desktop SSO

3.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost Mattermost ServerDoS via non-string message using permalink embed

First published (updated )

Mattermost Mattermost ServerUnauthorized access on archived channels

First published (updated )

Mattermost Mattermost ServerWeak SSRF Filtering

First published (updated )

Mattermost Mattermost ServerUnauthorized access on archived channels via file links

First published (updated )

npm/mattermost-desktopInsufficient Electron Fuses Configuration

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

npm/mattermost-desktopSilent Desktop Screenshot Capture

First published (updated )

Mattermost Mattermost MobileMobile password gets saved in dictionary under conditions

First published (updated )

npm/mattermost-desktopRCE in desktop app in Windows by local attacker

7.8
First published (updated )

go/github.com/mattermost/mattermost/server/v8Insufficient permissions checks on teams

First published (updated )

go/github.com/mattermost/mattermost/server/v8Unauthorized channel file upload

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

go/github.com/mattermost/mattermost/server/v8Unauthorized disabling of invite URL

2.7
First published (updated )

Mattermost MattermostSystem Role with edit access to permissions can elevate themselves to system admin

7.2
EPSS
0.05%
First published (updated )

Mattermost MattermostUser creation date manipulation in POST /api/v4/users

First published (updated )

Mattermost MattermostOne-click Client-Side Path Traversal Leading to CSRF in User Management admin page

8.8
First published (updated )

Mattermost MattermostIDOR when marking read a user's channel

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Mattermost MattermostServer crash via Elasticsearch certificate file

First published (updated )

Mattermost MattermostEmail addresses of remote users visible in props regardless of server settings

First published (updated )

Mattermost MattermostMunged email address used for password resets and notifications

First published (updated )

go/github.com/mattermost/mattermost/server/v8Malicious remote can claim that a user was synced from another remote

First published (updated )

go/github.com/mattermost/mattermost/server/v8Malicious remote can make an arbitrary local channel read-only

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

go/github.com/mattermost/mattermost/server/v8Malicious remote can create/update/delete arbitrary posts in arbitrary channels

7.1
First published (updated )

go/github.com/mattermost/mattermost/server/v8Remote username set to an arbitrary string by remote user

First published (updated )

go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary channels

First published (updated )

go/github.com/mattermost/mattermost/server/v8Permanently local data deletion by malicious remote

8.7
First published (updated )

Mattermost MattermostMalicious remote can invite itself to an arbitrary local channel

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203