Filter
Software
Mattermost Mattermost ServerResource Exhaustion via the Invitation Feature
6.5
EPSS
0.04%
First published (updated )
Mattermost Mattermost ServerPublic endpoint /metrics of Calls plugin reveals channel IDs
5.3
EPSS
0.05%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Invite ID available to team admins even without the "Add Members" permission
4.7
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Users maintain access to active call after being removed from a channel
3.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li…
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Infoleak, Race Condition
2.6
First published (updated )
Mattermost Mattermost ServerReflected XSS in Mattermost Jira plugin
6.1
First published (updated )
go/github.com/mattermost/mattermost/server/v8Infoleak
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata …
4.3
First published (updated )
Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerMattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.…
8.8
First published (updated )
go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.…
6.5
First published (updated )
go/github.com/mattermost/mattermost/server/v8DoS via a large number of User Preferences
6.5
EPSS
0.04%
First published (updated )
Mattermost MattermostServer-side Denial of Service while processing a specifically crafted GIF file
5.7
First published (updated )
Mattermost Mattermost BoardsSession is not invalidated on server-side when user logged out of Boards
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost BoardsEmails of all users are exposed via one of the Boards APIs
4.3
First published (updated )
Mattermost MattermostUsers can view the contents of an archived channel when access is explicitly denied by the system admin
6.5
First published (updated )
Mattermost MattermostTeam Creator's Email Address is disclosed to Team Members via one of the APIs
6.5
First published (updated )
Mattermost Mattermost ServerStack overflow in SAML login in Mattermost
7.5
First published (updated )
Mattermost Mattermost ServerStack overflow in document extractor in Mattermost
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost MattermostSysadmin can override existing configs & bypass restrictions like EnableUploads
4.9
First published (updated )
Mattermost MattermostHTML Injection while inviting Guests
5.4
First published (updated )
Mattermost Mattermost ServerOOM DoS in Mattermost image proxy
6.5
First published (updated )
Mattermost PlaybooksA specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
6.5
First published (updated )
Mattermost Mattermost ServerRestricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mattermost ServerInvitation Email is resent as a Reminder after invalidating pending email invites
5.8
First published (updated )
Mattermost Mattermost ServerAuthorized users are allowed to install old plugin versions from the Marketplace
8.8
First published (updated )
Mattermost PlaybooksPlaybook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
8.8
First published (updated )
Mattermost Mattermost ServerA crafted SVG attachment can crash a Mattermost server
6.5
First published (updated )
Mattermost Mattermost ServerIncorrect defaults can cause attackers to bypass rate limitations
5.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.