Filter
AND
Versions
9.5.0
19
8.0.0
18
7.8.0
16
7.9.0
16
7.10.0
15
9.8.0
15
9.9.0
10
7.8.12
9
7.8.4
9
8.1.3
9
7.9.3
8
7.1.0
7
7.1.9
7
9.0.0
7
9.10.0
7
9.7.0
7
7.0.0
6
8.1.0
6
9.0.1
5
9.1.0
5
7.7.3
3
7.8.11
3
7.8.2
3
7.9.1
3
8.0.3
3
8.1.2
3
9.6.0
3
6.4.0
2
6.5.1
2
6.6.0
2
6.6.1
2
6.7.0
2
7.1.4
2
7.1.7
2
7.4.0
2
7.5.0
2
7.5.1
2
7.7.0
2
5.32.0
1
5.34.0
1
5.35.0
1
5.36.0
1
5.38
1
6.0.2
1
6.1
1
6.2.0
1
6.3.0
1
6.3.8
1
7.2.0
1
7.8.3
1
7.9.2
1
9.11.0
1
9.11.1
1
9.5.9
1
MattermostServer-side Denial of Service while processing a specifically crafted GIF file
5.7
First published (updated )
MattermostUsers can view the contents of an archived channel when access is explicitly denied by the system admin
6.5
First published (updated )
MattermostTeam Creator's Email Address is disclosed to Team Members via one of the APIs
6.5
First published (updated )
MattermostSysadmin can override existing configs & bypass restrictions like EnableUploads
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostMalicious imports can lead to Denial of Service
6.5
First published (updated )
MattermostGuest accounts can list all public channels
4.3
First published (updated )
MattermostAuthenticated user could send multiple requests containing a large payload to a Playbooks API and can crash a Mattermost server
6.5
First published (updated )
MattermostAuthenticated user could send multiple requests containing a large Auto Responder Message payload and can crash a Mattermost server
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostAuthenticated user could send multiple requests containing a parameter which could fetch a large amount of data and can crash a Mattermost server
6.5
First published (updated )
MattermostIDOR: Accessing playbook runs via the Playbooks Runs API
6.5
First published (updated )
MattermostIDOR: Updating a playbook via the Playbooks API
7.1
First published (updated )
MattermostFull name revealed via /plugins/focalboard/api/v2/users
4.3
First published (updated )
MattermostOauth authorization codes do not expire when deauthorizing an oauth2 app
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostDB username/password revealed in application logs
7.5
First published (updated )
MattermostLack of URL normalization allows rendering previews for disallowed domains
5.3
First published (updated )
MattermostApp Framework does not checks for the secret provided in the incoming webhook request
4.3
First published (updated )
MattermostApps Framework allows install requests from regular members via an internal path
6.5
First published (updated )
MattermostChannel commands execution doesn't properly verify permissions
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostCollapsed Reply Threads APIs leak message contents from private channels
6.5
First published (updated )
MattermostDeactivated user can retain access using oauth2 api
6.5
First published (updated )
MattermostEphemeral messages return private channel contents in permalink previews
6.5
First published (updated )
MattermostStack exhaustion in PreparePostForClientWithEmbedsAndImages
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostPath traversal in GitHub plugin's code preview feature
6.5
First published (updated )
MattermostDenial of Service while unescaping a Markdown string
6.5
First published (updated )
MattermostSpecially crafted search query can cause large log entries in postgres
4.3
First published (updated )
MattermostDenial of Service via Board Import Zip Bomb
7.5
First published (updated )
MattermostOpen redirect in /oauth/<service>/mobile_login?redirect_to=
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.