Filter
AND

Versions

9.5.0
19
4.2.0
18
4.3.0-rc1
18
4.3.0-rc2
18
4.3.0-rc3
18
4.3.0-rc4
18
8.1.0
15
5.7.0
14
9.2.0
14
5.8.0
11
7.10.0
11
7.8.0
11
7.9.0
11
8.0.0
11
4.1.0
10
5.9.0-rc1
10
5.9.0-rc2
10
5.9.0-rc3
10
5.9.0-rc4
10
3.7.0
9
4.2.0-rc1
9
4.2.0-rc2
9
4.2.0-rc3
9
4.2.0-rc4
9
9.0.0
9
3.8.0
8
8.1.5
8
9.3.0
8
9.4.0
8
9.9.0
8
9.2.1
7
3.10.0
6
5.16.0
6
9.10.0
6
9.11.0
6
5.15.0
5
5.17.0
5
5.6.0
5
6.4.0
5
7.8.14
5
9.0.3
5
9.1.1
5
9.1.2
5
9.8.0
5
4.6.0
4
5.0.0
4
5.18.0-rc1
4
5.18.0-rc2
4
5.18.0-rc3
4
5.18.0-rc4
4
6.2.0
4
6.3.0
4
7.7.1
4
8.1.7
4
9.1.0
4
3.6.0
3
4.0.0
3
4.4.0
3
5.12.0
3
5.5.0
3
6.6.0
3
9.7.0
3
10.0.0
2
10.0.0-rc1
2
10.0.0-rc2
2
10.0.0-rc3
2
10.0.0-rc4
2
4.10.0
2
4.5.0-rc1
2
4.5.0-rc2
2
4.5.0-rc3
2
4.5.0-rc4
2
4.7.0
2
4.7.0-rc1
2
4.7.0-rc2
2
4.7.0-rc3
2
4.7.0-rc4
2
4.8.0
2
5.1.0
2
5.2.0-rc1
2
5.2.0-rc2
2
5.2.0-rc3
2
5.2.0-rc4
2
5.2.0-rc5
2
5.2.0-rc6
2
5.37.0
2
5.7.0-rc1
2
5.7.0-rc2
2
5.7.0-rc3
2
5.7.0-rc4
2
5.7.0-rc5
2
5.7.0-rc6
2
5.8.0-rc1
2
5.8.0-rc2
2
5.8.0-rc3
2
5.8.0-rc4
2
5.9.0
2
6.0
2
6.0.0
2
6.7.0
2
9.11.0-rc1
2
9.11.0-rc2
2
9.11.0-rc3
2
4.3.0
1
4.9.0
1
5.1.0-rc1
1
5.1.0-rc2
1
5.1.0-rc3
1
5.1.0-rc4
1
5.10.0
1
5.10.0-rc1
1
5.10.0-rc2
1
5.10.0-rc3
1
5.10.0-rc4
1
5.10.0-rc5
1
5.10.0-rc6
1
5.11.0
1
5.12.0-rc1
1
5.12.0-rc2
1
5.12.0-rc3
1
5.12.0-rc4
1
5.12.0-rc5
1
5.12.0-rc6
1
5.13.0
1
5.14.0
1
5.14.0-rc1
1
5.14.0-rc2
1
5.14.0-rc3
1
5.14.0-rc4
1
5.14.0-rc5
1
5.18.0
1
5.19.0-rc1
1
5.19.0-rc2
1
5.19.0-rc3
1
5.2.0
1
5.32.0
1
6.5.0
1
6.6.1
1
7.2.0
1
9.1.4
1
9.10.2
1
9.11.1
1
9.2.3
1
9.5.9
1

Mattermost Mattermost ServerPrivate channel names leaking when Elasticsearch is enabled

medium
4.3
First published (updated )
CVE-2024-52032

Mattermost Mattermost ServerMFA Code Replay

medium
4.8
First published (updated )
CVE-2024-36250

Mattermost Mattermost ServerUnauthorized Access to view channels' details

medium
4.3
First published (updated )
CVE-2024-42000

Mattermost Mattermost ServerClient-Side Path Traversal Leading to CSRF in Playbooks

medium
4.6
First published (updated )
CVE-2024-46872

Mattermost Mattermost ServerDoS via non-string message using permalink embed

medium
6.5
First published (updated )
CVE-2024-47003

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Mattermost Mattermost ServerUnauthorized access on archived channels

medium
5.4
First published (updated )
CVE-2024-42406

Mattermost Mattermost ServerWeak SSRF Filtering

medium
5.4
First published (updated )
CVE-2024-45843

Mattermost Mattermost ServerUnauthorized access on archived channels via file links

medium
4.3
First published (updated )
CVE-2024-47145

npm/mattermost-desktopInsufficient Electron Fuses Configuration

medium
6.5
First published (updated )
CVE-2024-45835

go/github.com/mattermost/mattermost/server/v8Insufficient permissions checks on teams

medium
6
First published (updated )
CVE-2024-42497

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/mattermost/mattermost/server/v8Unauthorized channel file upload

medium
4.3
First published (updated )
CVE-2024-43780

go/github.com/mattermost/mattermost/server/v8Unauthorized disabling of invite URL

low
2.7
First published (updated )
CVE-2024-40884

go/github.com/mattermost/mattermost/server/v8Malicious remote can claim that a user was synced from another remote

medium
4.3
First published (updated )
CVE-2024-41926

go/github.com/mattermost/mattermost/server/v8Malicious remote can make an arbitrary local channel read-only

medium
4.3
First published (updated )
CVE-2024-41162

go/github.com/mattermost/mattermost/server/v8Malicious remote can create/update/delete arbitrary posts in arbitrary channels

high
7.1
First published (updated )
CVE-2024-41144

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/mattermost/mattermost/server/v8Remote username set to an arbitrary string by remote user

medium
4.3
First published (updated )
CVE-2024-39839

go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary channels

medium
5.4
First published (updated )
CVE-2024-39837

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.…

medium
6.5
First published (updated )
CVE-2024-2447

go/github.com/mattermost/mattermost/server/v8Invite ID available to team admins even without the "Add Members" permission

medium
4.7
EPSS
0.04%
First published (updated )
CVE-2024-29221

go/github.com/mattermost/mattermost/server/v8DoS via a large number of User Preferences

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-28949

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/mattermost/mattermost/server/v8Users maintain access to active call after being removed from a channel

low
3.1
First published (updated )
CVE-2024-21848

Mattermost Mattermost ServerReflected XSS in Mattermost Jira plugin

medium
6.1
First published (updated )
CVE-2024-2445

Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…

high
8.8
First published (updated )
CVE-2024-2450

Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…

medium
4.3
First published (updated )
CVE-2024-2446

Mattermost Mattermost ServerResource Exhaustion via the Invitation Feature

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2024-28053

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li…

medium
4.3
First published (updated )
CVE-2024-1953

go/github.com/mattermost/mattermost/server/v8Infoleak

medium
4.3
First published (updated )
CVE-2024-1952

go/github.com/mattermost/mattermost/server/v8Infoleak, Race Condition

low
2.6
First published (updated )
CVE-2024-1949

go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata …

medium
4.3
First published (updated )
CVE-2024-1942

go/github.com/mattermost/mattermost/server/v8Denial of service in mattermost mobile apps and server via emoji reactions

medium
4.3
First published (updated )
CVE-2024-1402

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203