mattermost
575 tracked vulnerabilities.
CVE-2024-29977
LOW
Mattermost 9.5.0-9.5.6 and 9.9.0 - Improper Access Control for Synced Reactions
Aug 01, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-39767
MEDIUM
Mattermost Mobile Apps <=2.16.0 - Improper Push Notification Validation
Jul 15, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-32945
LOW
Mattermost Mobile Apps <=2.16.0 - XSS
Jul 15, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-6428
MEDIUM
Mattermost <9.8.0 - Info Disclosure
Jul 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39830
HIGH
Mattermost 9.5.0-9.5.5, 9.6.0-9.6.2, 9.7.0-9.7.4, 9.8.0 - Remote Cluster Token Timing Attack via Shared Channels
Jul 03, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-39807
LOW
Mattermost 9.5.0-9.5.5 and 9.8.0 - Exposure of Sensitive Information via Webhook Event Recipients
Jul 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-39361
LOW
Mattermost 9.5.0-9.5.5, 9.6.0-9.6.2, 9.7.0-9.7.4, 9.8.0 - Improper Access Control via Post RemoteId Manipulation
Jul 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-39353
LOW
Mattermost 9.5.0-9.5.5 and 9.8.0 - Exposure of Sensitive Information via Audit Log Sanitization Issue
Jul 03, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-36257
LOW
Mattermost <9.5.5, 9.8.0 - Info Disclosure
Jul 03, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-37182
MEDIUM
Mattermost Desktop App <=5.7.0 - RCE
Jun 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-36287
LOW
Mattermost Desktop App <=5.7.0 - Auth Bypass
Jun 14, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-5272
MEDIUM
Mattermost 8.1.0-8.1.12, 9.5.0-9.5.3, 9.6.0-9.6.1 - Improper Access Control in Playbook Run Webhook Event
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-5270
MEDIUM
Mattermost 8.1.0-8.1.12, 9.5.0-9.5.3, 9.6.0-9.6.1, 9.7.0-9.7.1 - Improper Access Control via SAML to Email Switch
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-36255
MEDIUM
Mattermost <9.5.3, 9.6.1, 8.1.12 - RCE
May 26, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-36241
LOW
Mattermost <9.5.4, <9.6.2, <8.1.13 - Info Disclosure
May 26, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-34152
MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-34029
MEDIUM
Mattermost <9.5.4, 9.7.2, 8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-32045
MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Privilege Escalation
May 26, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-31859
MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Privilege Escalation
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-29215
MEDIUM
Mattermost <9.5.4, 9.7.2, 9.6.2, 8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-4198
LOW
Mattermost 8.1.0-8.1.11, 9.5.0-9.5.2, 9.6.0 - Authenticated Role Demotion via Crafted HTTP Requests
Apr 26, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-4195
LOW
Mattermost 8.1.0-8.1.11, 9.5.0-9.5.2 - Authenticated Role Escalation via Crafted HTTP Requests
Apr 26, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-4183
MEDIUM
Mattermost 8.1.0-8.1.11, 9.6.0-rc1-9.6.0, 9.5.0-9.5.2, 9.4.0-9.4.4 - DoS via Session Table Flooding
Apr 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-4182
MEDIUM
Mattermost 8.1.0-8.1.11, 9.4.0-9.4.4, 9.5.0-9.5.2 - Authenticated Denial of Service via Malformed Custom Status JSON
Apr 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-32046
MEDIUM
Mattermost <9.6.0, <9.5.2, <9.4.4 and <8.1.11 - Info Disclosure
Apr 26, 2024
CVSS 4.3
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 74
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1