mattermost

607 tracked vulnerabilities.

CVE-2025-1412 LOW
Mattermost <9.11.7, <10.4.2 - Privilege Escalation
Feb 24, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-0503 LOW
Mattermost <9.11.7 - Info Disclosure
Feb 14, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-20630 MEDIUM
Mattermost Mobile <=2.22.0 - Code Injection
Jan 16, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-20621 MEDIUM
Mattermost <10.2.0-10.2.0, <9.11.5-9.11.5, <10.0.3-10.0.3, <10.1.3-...
Jan 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-20072 MEDIUM
Mattermost Mobile <=2.22.0 - Code Injection
Jan 16, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-0476 MEDIUM
Mattermost Mobile Apps <=2.22.0 - DoS
Jan 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-21083 MEDIUM
Mattermost Mobile Apps <=2.22.0 - Code Injection
Jan 15, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-20088 MEDIUM
Mattermost <10.2.0-10.2.0, <9.11.5-9.11.5, <10.0.3-10.0.3, <10.1.3-...
Jan 15, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-20086 MEDIUM
Mattermost <10.2.0-10.1.3 - Code Injection
Jan 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-20036 MEDIUM
Mattermost Mobile Apps <=2.22.0 - Code Injection
Jan 15, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-21088 MEDIUM
Mattermost <10.2.0-10.1.3 - Code Injection
Jan 15, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-22449 LOW
Mattermost 9.11.0-9.11.5 - Incorrect Authorization via Team Public Setting
Jan 09, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-22445 LOW
Mattermost 10.x <= 10.2 - Incorrect Security Configuration Reporting in UI
Jan 09, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-20033 MEDIUM
Mattermost 9.11.0-9.11.5, 10.0.0-10.0.3, 10.1.0-10.1.3, 10.2.0 DoS via Custom Post Type Validation Bypass
Jan 09, 2025
CVSS 4.3
EPSS 0.01
CVE-2024-11358 MEDIUM
Mattermost Android Mobile Apps <=2.21.0 - Info Disclosure
Dec 16, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-54682 MEDIUM
Mattermost 9.5.0-9.5.12 10.1.0-10.1.2 - Denial of Service via Slack Import Zip Bomb
Dec 16, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-54083 MEDIUM
Mattermost 9.5.0-9.5.12 10.0.0-10.0.2 10.1.0-10.1.2 - Denial of Service via Crafted Post
Dec 16, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-48872 MEDIUM
Mattermost 9.5.0-9.5.12 9.11.0-9.11.4 10.0.0-10.0.2 10.1.0-10.1.2 - Race Condition in Failed Login Attempts Check
Dec 16, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-12247 MEDIUM
Mattermost 9.7.0-9.7.5 9.8.0-9.8.2 9.9.0-9.9.2 - Incorrect Authorization via Permission Scheme Update Propagation
Dec 05, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-11599 HIGH
Mattermost <10.0.1-9.5.11 - Info Disclosure
Nov 28, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-52032 MEDIUM
Mattermost <10.0.0-9.11.2 - Info Disclosure
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42000 LOW
Mattermost 9.5.0-9.5.9, 9.10.0-9.10.2, 9.11.0-9.11.1, 10.0.0 - Incorrect Authorization via /api/v4/channels
Nov 09, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-36250 LOW
Mattermost <9.11.3-9.5.11 - Info Disclosure
Nov 09, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-47401 MEDIUM
Mattermost <9.10.2, 9.11.1, 9.5.9 - Info Disclosure
Oct 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-46872 MEDIUM
Mattermost 9.5.0-9.5.9, 9.10.0-9.10.2, 9.11.0-9.11.1 - Cross-Site Request Forgery via Playbooks Redirection
Oct 29, 2024
CVSS 4.6
EPSS 0.00