mattermost
575 tracked vulnerabilities.
CVE-2023-48732
MEDIUM
Mattermost < 8.1.7 - Unauthorized Exposure of Notification Information via WebSocket Broadcast
Jan 02, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-47858
MEDIUM
Mattermost < 8.1.7, < 7.8.10 - Improper Access Control via Archived Public Channel Endpoint
Jan 02, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-7114
HIGH
Mattermost < 2.10.1 - Cross-Site Request Forgery via Deeplink Path
Dec 29, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-7113
LOW
Mattermost < 8.1.7 - Stored Cross-Site Scripting via Channel Mention Data
Dec 29, 2023
CVSS 3.7
EPSS 0.01
CVE-2023-6727
LOW
Mattermost < 8.1.5 - Unauthorized Playbook Action Creation and Information Leak
Dec 12, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-6547
LOW
Mattermost < 8.1.5 - Improper Access Control in Playbook Team Membership Validation
Dec 12, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-49874
MEDIUM
Mattermost < 7.8.14 - Unauthenticated Improper Access Control in Private Playbook Run Task Update
Dec 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-49809
MEDIUM
Mattermost Server < 8.1.5 - Denial of Service via Null Request Body in /add Endpoint
Dec 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-49607
MEDIUM
Mattermost < 7.8.14 - Denial of Service via Reminder Parameter Type Mismatch
Dec 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-46701
MEDIUM
Mattermost < 7.8.14 - Unauthenticated Information Disclosure via Playbooks Plugin Timeline Endpoint
Dec 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-45847
MEDIUM
Mattermost < 7.8.14 - Denial of Service via Playbooks Checklist Title Length
Dec 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-45316
HIGH
Mattermost < 7.8.14 - Cross-Site Request Forgery via Telemetry Run ID Path Traversal
Dec 12, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-6459
MEDIUM
Mattermost < 7.8.14 and < 8.1.5 - Unauthenticated Exposure of Sensitive Channel IDs via Metrics Endpoint
Dec 06, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-6458
HIGH
Mattermost < 7.8.14, 8.1.5, 9.1.2 - Client-Side Path Traversal via Route Parameters
Dec 06, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-6202
MEDIUM
Mattermost < 7.8.12, 9.1.0-9.1.1 - Unauthenticated Improper Access Control via Boards User Endpoint
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-48369
MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Uncontrolled Resource Consumption via Log Overflow
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-48268
MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Denial of Service via Zip Bomb in Board Import
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-47168
MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Open Redirect via OAuth Redirect Parameter
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-45223
MEDIUM
Mattermost < 7.8.12, 8.0.0-8.1.3, 7.8.13 - Unauthorized Exposure of User Full Name via Boards Endpoints
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-43754
MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Unauthorized Exposure of Archived Channel Permalink Previews
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40703
MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Denial of Service via Block Field String Injection
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-35075
LOW
Mattermost < 7.8.12, 8.0.0-8.1.3, 7.8.12-7.8.12 - HTML Injection via Channel Name Autocomplete
Nov 27, 2023
CVSS 3.1
EPSS 0.01
CVE-2023-47865
MEDIUM
Mattermost < 7.8.12, 8.0.0-8.1.3, 7.8.13 - Improper Access Control via Hardened Mode Bypass
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-5969
MEDIUM
Mattermost < 7.8.11, 7.8.12, 8.0.4 - Denial of Service via Redirect Location Caching
Nov 06, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-5968
MEDIUM
Mattermost - Exposure of Sensitive Information via User Object Sanitization Failure
Nov 06, 2023
CVSS 4.9
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 74
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1