Filters
Software
npm/mattermost-desktopRCE in desktop app in Windows by local attacker
7.8
First published (updated )
Mattermost MattermostSystem Role with edit access to permissions can elevate themselves to system admin
7.2
EPSS
0.05%
First published (updated )
Mattermost MattermostOne-click Client-Side Path Traversal Leading to CSRF in User Management admin page
8.8
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create/update/delete arbitrary posts in arbitrary channels
7.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Permanently local data deletion by malicious remote
8.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Malicious remote can add users to arbitrary teams and channels
8.7
First published (updated )
go/github.com/mattermost/mattermost/server/v8Existing local user overwritten by malicious remote
7.4
First published (updated )
Mattermost MattermostTiming attack during remote cluster token comparison when shared channels are enabled
8.1
First published (updated )
Mattermost Mattermost ServerReflected client side path traversal leading to CSRF in Playbooks
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerPlaybook plugin crash via missing interface type assertion
7.5
First published (updated )
Mattermost Mattermost ServerPlaybook Plugin Crash via Run Checklist
7.5
First published (updated )
Mattermost MattermostDenial of Service via specially crafted block fields in Mattermost Boards
7.5
First published (updated )
Mattermost MattermostDenial of Service via Board Import Zip Bomb
7.5
First published (updated )
Mattermost Mattermost ServerDenial of Service via Opengraph Data Cache
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerParameter tampering in the registration resulting in blocked accounts to be created
8.2
EPSS
0.05%
First published (updated )
Mattermost MattermostAudit logging fails to sanitize post metadata
7.5
First published (updated )
Mattermost MattermostLack of server certificate validation in websockets connection
8.1
First published (updated )
Mattermost Mattermost ServerLack of previous password reset tokens on new token creation
8.2
First published (updated )
Mattermost Mattermost ServerDeleted attachments in Boards remain accessible
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerWebSockets accept connections from HTTPS origin
8.1
First published (updated )
Mattermost MattermostDB username/password revealed in application logs
7.5
First published (updated )
Mattermost Mattermost ServerPrivilege escalation to system admin via personal access tokens
8.8
First published (updated )
Mattermost Mattermost ServerUser password logged in audit logs
7.5
First published (updated )
Mattermost Mattermost ServerStored XSS via SVG attachment on Boards
7.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostIDOR: Updating a playbook via the Playbooks API
7.1
First published (updated )
Mattermost PlaybooksPlaybook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
8.8
First published (updated )
Mattermost Mattermost ServerAuthorized users are allowed to install old plugin versions from the Marketplace
8.8
First published (updated )
Mattermost Mattermost ServerStack overflow in SAML login in Mattermost
7.5
First published (updated )
Mattermost Mattermost BoardsSession is not invalidated on server-side when user logged out of Boards
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostMattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user …
7.5
First published (updated )
Mattermost MattermostAn issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party serve…
7.5
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of …
7.5
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at pas…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used f…
7.5
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OA…
8.1
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signatur…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of r…
8.8
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2…
8.1
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to …
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attack…
7.5
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous a…
7.5
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attacke…
7.5
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently…
7.5
First published (updated )
Mattermost Mattermost ServerAn issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authe…
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.