Filters
Software
Mattermost Mattermost ServerPrivate channel names leaking when Elasticsearch is enabled
4.3
First published (updated )
Mattermost Mattermost ServerUnauthorized Access to view channels' details
4.3
First published (updated )
Mattermost Mattermost ServerClient-Side Path Traversal Leading to CSRF in Playbooks
4.6
First published (updated )
Mattermost MattermostIncorrect Session Creation with Desktop SSO
3.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerDoS via non-string message using permalink embed
6.5
First published (updated )
Mattermost Mattermost ServerUnauthorized access on archived channels
5.4
First published (updated )
Mattermost Mattermost ServerUnauthorized access on archived channels via file links
4.3
First published (updated )
npm/mattermost-desktopInsufficient Electron Fuses Configuration
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
npm/mattermost-desktopSilent Desktop Screenshot Capture
5.3
First published (updated )
Mattermost Mattermost MobileMobile password gets saved in dictionary under conditions
6.5
First published (updated )
npm/mattermost-desktopRCE in desktop app in Windows by local attacker
7.8
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insufficient permissions checks on teams
First published (updated )
go/github.com/mattermost/mattermost/server/v8Unauthorized channel file upload
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Unauthorized disabling of invite URL
2.7
First published (updated )
Mattermost MattermostSystem Role with edit access to permissions can elevate themselves to system admin
7.2
EPSS
0.05%
First published (updated )
Mattermost MattermostUser creation date manipulation in POST /api/v4/users
5.3
First published (updated )
Mattermost MattermostOne-click Client-Side Path Traversal Leading to CSRF in User Management admin page
8.8
First published (updated )
Mattermost MattermostIDOR when marking read a user's channel
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostServer crash via Elasticsearch certificate file
4.9
First published (updated )
Mattermost MattermostEmail addresses of remote users visible in props regardless of server settings
4.3
First published (updated )
Mattermost MattermostMunged email address used for password resets and notifications
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can claim that a user was synced from another remote
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can make an arbitrary local channel read-only
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Malicious remote can create/update/delete arbitrary posts in arbitrary channels
7.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Remote username set to an arbitrary string by remote user
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary channels
5.4
First published (updated )
go/github.com/mattermost/mattermost/server/v8Permanently local data deletion by malicious remote
8.7
First published (updated )
Mattermost MattermostMalicious remote can invite itself to an arbitrary local channel
9.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Malicious remote can add users to arbitrary teams and channels
8.7
First published (updated )
go/github.com/mattermost/mattermost/server/v8Existing local user overwritten by malicious remote
7.4
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary reactions on arbitrary posts
4.3
First published (updated )
Mattermost Mattermost MobileSpoofed push notifications from malicious server
6.5
First published (updated )
Mattermost Mattermost MobileLaTeX post content manipulation via renderer state leak across contexts
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostLimited DoS due to permitting creating users with user-defined IDs
6.5
EPSS
0.05%
First published (updated )
Mattermost MattermostRemoteClusterFrame payloads are audit logged in full
2.7
First published (updated )
Mattermost MattermostCreating posts with user-defined IDs permitted in CreatePost API
5.4
First published (updated )
Mattermost MattermostTiming attack during remote cluster token comparison when shared channels are enabled
8.1
First published (updated )
Mattermost MattermostChannel IDs of archived/restored channels leaked via webhook events
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostLack of permission check when updating the profile picture of a remote user (shared channels enabled)
5.3
First published (updated )
npm/mattermost-desktopLack of permissions prompting when opening external URLs
6.1
First published (updated )
npm/mattermost-desktopBypass of TCC restrictions on macOS
3.8
First published (updated )
go/github.com/mattermost/mattermost/server/v8Denial of service in mattermost mobile apps and server via emoji reactions
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Incorrect Authorization leads to Channel Member Count Leak
4.3
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost-plugin-jiraMissing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)
4.1
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerCSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)
3.5
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerDetails of archived public channels are leaked to members of another team
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Lack of restriction to manage group names for freshly demoted guests
4.3
First published (updated )
go/github.com/mattermost/mattermost-server/v6Keywords that trigger mentions are leaked to other users
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.