mattermost
607 tracked vulnerabilities.
CVE-2024-41144
MEDIUM
Mattermost Server < 9.5.7 - Improper Access Control
Aug 01, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-39839
MEDIUM
Mattermost 9.5.0-9.5.6, 9.7.0-9.7.5, 9.8.0-9.8.1, 9.9.0 - Improper Access Control in Shared Channels
Aug 01, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39837
LOW
Mattermost 9.5.0-9.5.6 and 9.9.0 - Unauthenticated Arbitrary Channel Creation via Shared Channels
Aug 01, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-39832
MEDIUM
Mattermost 9.5.0-9.5.6 9.7.0-9.7.5 9.8.0-9.8.1 9.9.0 - Unauthenticated Local Data Deletion via Error Handling Abuse
Aug 01, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-39777
HIGH
Mattermost 9.5.0-9.5.6 9.7.0-9.7.5 9.8.0-9.8.1 9.9.0 - Improper Access Control via Shared Channel Invite
Aug 01, 2024
CVSS 8.7
EPSS 0.00
CVE-2024-39274
HIGH
Mattermost 9.5.0-9.5.6 9.7.0-9.7.5 9.8.0-9.8.1 9.9.0 - Improper Access Control in Shared Channel Validation
Aug 01, 2024
CVSS 8.7
EPSS 0.00
CVE-2024-36492
HIGH
Mattermost <9.9.0-9.8.1 - Privilege Escalation
Aug 01, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-29977
LOW
Mattermost 9.5.0-9.5.6 and 9.9.0 - Improper Access Control for Synced Reactions
Aug 01, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-39767
MEDIUM
Mattermost Mobile Apps <=2.16.0 - Improper Push Notification Validation
Jul 15, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-32945
LOW
Mattermost Mobile Apps <=2.16.0 - XSS
Jul 15, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-6428
MEDIUM
Mattermost <9.8.0 - Info Disclosure
Jul 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39830
HIGH
Mattermost 9.5.0-9.5.5 9.6.0-9.6.2 9.7.0-9.7.4 9.8.0 - Remote Cluster Token Timing Attack via Shared Channels
Jul 03, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-39807
LOW
Mattermost 9.5.0-9.5.5 and 9.8.0 - Exposure of Sensitive Information via Webhook Event Recipients
Jul 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-39361
LOW
Mattermost 9.5.0-9.5.5, 9.6.0-9.6.2, 9.7.0-9.7.4, 9.8.0 - Improper Access Control via Post RemoteId Manipulation
Jul 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-39353
LOW
Mattermost 9.5.0-9.5.5 and 9.8.0 - Exposure of Sensitive Information via Audit Log Sanitization Issue
Jul 03, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-36257
LOW
Mattermost <9.5.5, 9.8.0 - Info Disclosure
Jul 03, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-37182
MEDIUM
Mattermost Desktop App <=5.7.0 - RCE
Jun 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-36287
LOW
Mattermost Desktop App <=5.7.0 - Auth Bypass
Jun 14, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-5272
MEDIUM
Mattermost 8.1.0-8.1.12 9.5.0-9.5.3 9.6.0-9.6.1 - Improper Access Control in Playbook Run Webhook Event
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-5270
MEDIUM
Mattermost 8.1.0-8.1.12, 9.5.0-9.5.3, 9.6.0-9.6.1, 9.7.0-9.7.1 - Improper Access Control via SAML to Email Switch
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-36255
MEDIUM
Mattermost <9.5.3, 9.6.1, 8.1.12 - RCE
May 26, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-36241
LOW
Mattermost <9.5.4, <9.6.2, <8.1.13 - Info Disclosure
May 26, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-34152
MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-34029
MEDIUM
Mattermost <9.5.4, 9.7.2, 8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-32045
MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Privilege Escalation
May 26, 2024
CVSS 5.9
EPSS 0.00
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters