mattermost

607 tracked vulnerabilities.

CVE-2024-41144 MEDIUM
Mattermost Server < 9.5.7 - Improper Access Control
Aug 01, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-39839 MEDIUM
Mattermost 9.5.0-9.5.6, 9.7.0-9.7.5, 9.8.0-9.8.1, 9.9.0 - Improper Access Control in Shared Channels
Aug 01, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-39837 LOW
Mattermost 9.5.0-9.5.6 and 9.9.0 - Unauthenticated Arbitrary Channel Creation via Shared Channels
Aug 01, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-39832 MEDIUM
Mattermost 9.5.0-9.5.6 9.7.0-9.7.5 9.8.0-9.8.1 9.9.0 - Unauthenticated Local Data Deletion via Error Handling Abuse
Aug 01, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-39777 HIGH
Mattermost 9.5.0-9.5.6 9.7.0-9.7.5 9.8.0-9.8.1 9.9.0 - Improper Access Control via Shared Channel Invite
Aug 01, 2024
CVSS 8.7
EPSS 0.00
CVE-2024-39274 HIGH
Mattermost 9.5.0-9.5.6 9.7.0-9.7.5 9.8.0-9.8.1 9.9.0 - Improper Access Control in Shared Channel Validation
Aug 01, 2024
CVSS 8.7
EPSS 0.00
CVE-2024-36492 HIGH
Mattermost <9.9.0-9.8.1 - Privilege Escalation
Aug 01, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-29977 LOW
Mattermost 9.5.0-9.5.6 and 9.9.0 - Improper Access Control for Synced Reactions
Aug 01, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-39767 MEDIUM
Mattermost Mobile Apps <=2.16.0 - Improper Push Notification Validation
Jul 15, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-32945 LOW
Mattermost Mobile Apps <=2.16.0 - XSS
Jul 15, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-6428 MEDIUM
Mattermost <9.8.0 - Info Disclosure
Jul 03, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-39830 HIGH
Mattermost 9.5.0-9.5.5 9.6.0-9.6.2 9.7.0-9.7.4 9.8.0 - Remote Cluster Token Timing Attack via Shared Channels
Jul 03, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-39807 LOW
Mattermost 9.5.0-9.5.5 and 9.8.0 - Exposure of Sensitive Information via Webhook Event Recipients
Jul 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-39361 LOW
Mattermost 9.5.0-9.5.5, 9.6.0-9.6.2, 9.7.0-9.7.4, 9.8.0 - Improper Access Control via Post RemoteId Manipulation
Jul 03, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-39353 LOW
Mattermost 9.5.0-9.5.5 and 9.8.0 - Exposure of Sensitive Information via Audit Log Sanitization Issue
Jul 03, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-36257 LOW
Mattermost <9.5.5, 9.8.0 - Info Disclosure
Jul 03, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-37182 MEDIUM
Mattermost Desktop App <=5.7.0 - RCE
Jun 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-36287 LOW
Mattermost Desktop App <=5.7.0 - Auth Bypass
Jun 14, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-5272 MEDIUM
Mattermost 8.1.0-8.1.12 9.5.0-9.5.3 9.6.0-9.6.1 - Improper Access Control in Playbook Run Webhook Event
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-5270 MEDIUM
Mattermost 8.1.0-8.1.12, 9.5.0-9.5.3, 9.6.0-9.6.1, 9.7.0-9.7.1 - Improper Access Control via SAML to Email Switch
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-36255 MEDIUM
Mattermost <9.5.3, 9.6.1, 8.1.12 - RCE
May 26, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-36241 LOW
Mattermost <9.5.4, <9.6.2, <8.1.13 - Info Disclosure
May 26, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-34152 MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-34029 MEDIUM
Mattermost <9.5.4, 9.7.2, 8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-32045 MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Privilege Escalation
May 26, 2024
CVSS 5.9
EPSS 0.00