Filters
Software
Mattermost Mattermost ServerPrivate channel names leaking when Elasticsearch is enabled
4.3
First published (updated )
Mattermost Mattermost ServerUnauthorized Access to view channels' details
4.3
First published (updated )
Mattermost Mattermost ServerClient-Side Path Traversal Leading to CSRF in Playbooks
4.6
First published (updated )
Mattermost Mattermost ServerDoS via non-string message using permalink embed
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerUnauthorized access on archived channels
5.4
First published (updated )
Mattermost Mattermost ServerUnauthorized access on archived channels via file links
4.3
First published (updated )
npm/mattermost-desktopInsufficient Electron Fuses Configuration
6.5
First published (updated )
npm/mattermost-desktopSilent Desktop Screenshot Capture
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost MobileMobile password gets saved in dictionary under conditions
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insufficient permissions checks on teams
First published (updated )
go/github.com/mattermost/mattermost/server/v8Unauthorized channel file upload
4.3
First published (updated )
Mattermost MattermostUser creation date manipulation in POST /api/v4/users
5.3
First published (updated )
Mattermost MattermostIDOR when marking read a user's channel
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostServer crash via Elasticsearch certificate file
4.9
First published (updated )
Mattermost MattermostEmail addresses of remote users visible in props regardless of server settings
4.3
First published (updated )
Mattermost MattermostMunged email address used for password resets and notifications
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can claim that a user was synced from another remote
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can make an arbitrary local channel read-only
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Remote username set to an arbitrary string by remote user
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary channels
5.4
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary reactions on arbitrary posts
4.3
First published (updated )
Mattermost Mattermost MobileSpoofed push notifications from malicious server
6.5
First published (updated )
Mattermost Mattermost MobileLaTeX post content manipulation via renderer state leak across contexts
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostLimited DoS due to permitting creating users with user-defined IDs
6.5
EPSS
0.05%
First published (updated )
Mattermost MattermostCreating posts with user-defined IDs permitted in CreatePost API
5.4
First published (updated )
Mattermost MattermostChannel IDs of archived/restored channels leaked via webhook events
5.3
First published (updated )
Mattermost MattermostLack of permission check when updating the profile picture of a remote user (shared channels enabled)
5.3
First published (updated )
npm/mattermost-desktopLack of permissions prompting when opening external URLs
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Denial of service in mattermost mobile apps and server via emoji reactions
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Incorrect Authorization leads to Channel Member Count Leak
4.3
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost-plugin-jiraMissing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)
4.1
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerDetails of archived public channels are leaked to members of another team
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Lack of restriction to manage group names for freshly demoted guests
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost-server/v6Keywords that trigger mentions are leaked to other users
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8XSS
6.1
EPSS
0.05%
First published (updated )
Mattermost Mattermost ServerLeak Inaccessible Playbook Information via Channel Action IDOR
4.3
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerPlaybooks access/modification by removed team member
5.4
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerTodo plugin gets crashed and disabled by member
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerInaccessible Post Information Leak via Run Timeline IDOR
6.5
First published (updated )
Mattermost Mattermost ServerIDOR when updating the tasks of a private playbook run
4.3
First published (updated )
Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs
5.3
EPSS
0.05%
First published (updated )
Mattermost MattermostOpen redirect in /oauth/<service>/mobile_login?redirect_to=
6.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
4.3
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostPermalink previews displayed for posts in archived channels even if users are disallowed to view archived channels
4.3
First published (updated )
Mattermost MattermostLog Flooding due to specially crafted requests in different endpoints
5.3
First published (updated )
Mattermost MattermostHTML injection via channel autocomplete
5.4
First published (updated )
Mattermost MattermostUsers full name disclosure through Mattermost Boards with Show Full Name Option disabled
4.3
First published (updated )
Mattermost MattermostUsername and Icon override can be used by members when Hardened Mode is enabled
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.