Filter
AND
AND
Versions
MattermostUser creation date manipulation in POST /api/v4/users
5.3
First published (updated )
MattermostServer crash via Elasticsearch certificate file
4.9
First published (updated )
go/github.com/mattermost/mattermost/server/v8Email addresses of remote users visible in props regardless of server settings
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Munged email address used for password resets and notifications
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Malicious remote can create arbitrary reactions on arbitrary posts
4.3
First published (updated )
MattermostLimited DoS due to permitting creating users with user-defined IDs
6.5
EPSS
0.05%
First published (updated )
MattermostCreating posts with user-defined IDs permitted in CreatePost API
5.4
First published (updated )
MattermostChannel IDs of archived/restored channels leaked via webhook events
5.3
First published (updated )
MattermostLack of permission check when updating the profile picture of a remote user (shared channels enabled)
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostOpen redirect in /oauth/<service>/mobile_login?redirect_to=
6.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
4.3
EPSS
0.04%
First published (updated )
MattermostPermalink previews displayed for posts in archived channels even if users are disallowed to view archived channels
4.3
First published (updated )
MattermostLog Flooding due to specially crafted requests in different endpoints
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostUsers full name disclosure through Mattermost Boards with Show Full Name Option disabled
4.3
First published (updated )
MattermostUsername and Icon override can be used by members when Hardened Mode is enabled
4.3
First published (updated )
MattermostDenial of Service via Link Preview in /api/v4/redirect_location
5.3
EPSS
0.05%
First published (updated )
MattermostPassword hash in response body after username update
4.9
EPSS
0.05%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Denial of Service via crashing the Calls Plugin
4.3
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostMobile app freezes when receiving a post with hundreds of emojis
4.3
First published (updated )
MattermostFull name disclosure via team top membership with Show Full Name option disabled
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8A system/user manager can demote / deactivate another manager
4.3
First published (updated )
MattermostA team member can soft delete other teams that they are not part of
6.5
First published (updated )
MattermostSystem Role with manage posts permission can read posts of Direct Messages
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost-server/v6Incorrect authorization allows a user manager to update a system admin
6.7
First published (updated )
go/github.com/mattermost/mattermost-server/v6A guest user can perform various actions on public playbooks
6.5
First published (updated )
go/github.com/mattermost/mattermost-server/v6Attachment of deleted message in a thread remains accessible and downloadable
4.3
First published (updated )
MattermostSpecially crafted search query can cause large log entries in postgres
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.