Filters
Mattermost MattermostOpen redirect in /oauth/<service>/mobile_login?redirect_to=
6.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards
4.3
EPSS
0.04%
First published (updated )
Mattermost MattermostPermalink previews displayed for posts in archived channels even if users are disallowed to view archived channels
4.3
First published (updated )
Mattermost MattermostLog Flooding due to specially crafted requests in different endpoints
5.3
First published (updated )
Mattermost MattermostHTML injection via channel autocomplete
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostDenial of Service via specially crafted block fields in Mattermost Boards
7.5
First published (updated )
Mattermost MattermostDenial of Service via Board Import Zip Bomb
7.5
First published (updated )
Mattermost MattermostUsers full name disclosure through Mattermost Boards with Show Full Name Option disabled
4.3
First published (updated )
Mattermost MattermostUsername and Icon override can be used by members when Hardened Mode is enabled
4.3
First published (updated )
Mattermost MattermostDenial of Service via Link Preview in /api/v4/redirect_location
5.3
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostPassword hash in response body after username update
4.9
EPSS
0.05%
First published (updated )
Mattermost MattermostDenial of Service via crashing the Calls Plugin
4.3
EPSS
0.04%
First published (updated )
Mattermost MattermostFull name disclosure via team top membership with Show Full Name option disabled
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8A system/user manager can demote / deactivate another manager
4.3
First published (updated )
Mattermost MattermostA team member can soft delete other teams that they are not part of
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostSystem Role with manage posts permission can read posts of Direct Messages
4.9
First published (updated )
Mattermost MattermostDoS via Channel Notification Properties
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8A User Manager role with user edit permissions could manage/update bots
3.8
First published (updated )