Filter
AND
Versions
9.5.0
19
8.0.0
18
7.8.0
16
7.9.0
16
7.10.0
15
9.8.0
15
9.9.0
10
7.8.12
9
7.8.4
9
8.1.3
9
7.9.3
8
7.1.0
7
7.1.9
7
9.0.0
7
9.10.0
7
9.7.0
7
7.0.0
6
8.1.0
6
9.0.1
5
9.1.0
5
7.7.3
3
7.8.11
3
7.8.2
3
7.9.1
3
8.0.3
3
8.1.2
3
9.6.0
3
6.4.0
2
6.5.1
2
6.6.0
2
6.6.1
2
6.7.0
2
7.1.4
2
7.1.7
2
7.4.0
2
7.5.0
2
7.5.1
2
7.7.0
2
5.32.0
1
5.34.0
1
5.35.0
1
5.36.0
1
5.38
1
6.0.2
1
6.1
1
6.2.0
1
6.3.0
1
6.3.8
1
7.2.0
1
7.8.3
1
7.9.2
1
9.11.0
1
9.11.1
1
9.5.9
1
go/github.com/mattermost/mattermost/server/v8System Role with edit access to permissions can elevate themselves to system admin
7.2
EPSS
0.05%
First published (updated )
MattermostUser creation date manipulation in POST /api/v4/users
5.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8One-click Client-Side Path Traversal Leading to CSRF in User Management admin page
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostServer crash via Elasticsearch certificate file
4.9
First published (updated )
go/github.com/mattermost/mattermost/server/v8Email addresses of remote users visible in props regardless of server settings
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Munged email address used for password resets and notifications
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8Permanently local data deletion by malicious remote
8.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Malicious remote can invite itself to an arbitrary local channel
9.6
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can add users to arbitrary teams and channels
8.7
First published (updated )
go/github.com/mattermost/mattermost/server/v8Existing local user overwritten by malicious remote
7.4
First published (updated )
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary reactions on arbitrary posts
4.3
First published (updated )
MattermostLimited DoS due to permitting creating users with user-defined IDs
6.5
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostRemoteClusterFrame payloads are audit logged in full
2.7
First published (updated )
MattermostCreating posts with user-defined IDs permitted in CreatePost API
5.4
First published (updated )
MattermostTiming attack during remote cluster token comparison when shared channels are enabled
8.1
First published (updated )
MattermostChannel IDs of archived/restored channels leaked via webhook events
5.3
First published (updated )
MattermostLack of permission check when updating the profile picture of a remote user (shared channels enabled)
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostOpen redirect in /oauth/<service>/mobile_login?redirect_to=
6.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
4.3
EPSS
0.04%
First published (updated )
MattermostPermalink previews displayed for posts in archived channels even if users are disallowed to view archived channels
4.3
First published (updated )
MattermostLog Flooding due to specially crafted requests in different endpoints
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostDenial of Service via specially crafted block fields in Mattermost Boards
7.5
First published (updated )
MattermostDenial of Service via Board Import Zip Bomb
7.5
First published (updated )
MattermostUsers full name disclosure through Mattermost Boards with Show Full Name Option disabled
4.3
First published (updated )
MattermostUsername and Icon override can be used by members when Hardened Mode is enabled
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.