Filter
Software
Mattermost Android Mobile AppsDenial of Service for mobile app users due to automatic code highlighting
6.5
EPSS
0.04%
First published (updated )
Mattermost Mobile appMattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexit…
6.5
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Excessive resource consumption when sending long emoji names in user custom status
6.5
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerTeam associated AD/LDAP Groups Leaked due to missing authorization
6.5
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerResource Exhaustion via the Invitation Feature
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs
5.3
EPSS
0.05%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Invite ID available to team admins even without the "Add Members" permission
4.7
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Users maintain access to active call after being removed from a channel
3.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li…
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Infoleak, Race Condition
2.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerReflected XSS in Mattermost Jira plugin
6.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Infoleak
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata …
4.3
First published (updated )
Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…
4.3
First published (updated )
Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.…
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8DoS via a large number of User Preferences
6.5
EPSS
0.04%
First published (updated )
Mattermost MattermostServer-side Denial of Service while processing a specifically crafted GIF file
5.7
First published (updated )
Mattermost Mattermost BoardsSession is not invalidated on server-side when user logged out of Boards
7.5
First published (updated )
Mattermost Mattermost BoardsEmails of all users are exposed via one of the Boards APIs
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostUsers can view the contents of an archived channel when access is explicitly denied by the system admin
6.5
First published (updated )
Mattermost MattermostTeam Creator's Email Address is disclosed to Team Members via one of the APIs
6.5
First published (updated )
Mattermost Mattermost ServerStack overflow in SAML login in Mattermost
7.5
First published (updated )
Mattermost Mattermost ServerStack overflow in document extractor in Mattermost
6.5
First published (updated )
Mattermost MattermostSysadmin can override existing configs & bypass restrictions like EnableUploads
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostHTML Injection while inviting Guests
5.4
First published (updated )
Mattermost Mattermost ServerOOM DoS in Mattermost image proxy
6.5
First published (updated )
Mattermost PlaybooksA specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
6.5
First published (updated )
Mattermost Mattermost ServerRestricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents
4.3
First published (updated )
Mattermost Mattermost ServerInvitation Email is resent as a Reminder after invalidating pending email invites
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.