mattermost

607 tracked vulnerabilities.

CVE-2024-31859 MEDIUM
Mattermost <9.5.4, <9.6.2, <8.1.13 - Privilege Escalation
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-29215 MEDIUM
Mattermost <9.5.4, 9.7.2, 9.6.2, 8.1.13 - Info Disclosure
May 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-4198 LOW
Mattermost 8.1.0-8.1.11 9.5.0-9.5.2 9.6.0 - Authenticated Role Demotion via Crafted HTTP Requests
Apr 26, 2024
CVSS 2.7
EPSS 0.01
CVE-2024-4195 LOW
Mattermost 8.1.0-8.1.11 9.5.0-9.5.2 - Authenticated Role Escalation via Crafted HTTP Requests
Apr 26, 2024
CVSS 2.7
EPSS 0.01
CVE-2024-4183 MEDIUM
Mattermost 8.1.0-8.1.11, 9.6.0-rc1-9.6.0, 9.5.0-9.5.2, 9.4.0-9.4.4 - DoS via Session Table Flooding
Apr 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-4182 MEDIUM
Mattermost 8.1.0-8.1.11, 9.4.0-9.4.4, 9.5.0-9.5.2 - Authenticated Denial of Service via Malformed Custom Status JSON
Apr 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-32046 MEDIUM
Mattermost <9.6.0, <9.5.2, <9.4.4 and <8.1.11 - Info Disclosure
Apr 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-22091 LOW
Mattermost <8.1.11, <9.5.2, <9.6.0 - DoS
Apr 26, 2024
CVSS 3.1
EPSS 0.01
CVE-2024-3872 LOW
Mattermost Mobile < 2.13.0 - Unauthenticated Denial of Service via Malicious Deeplink
Apr 16, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-2447 MEDIUM
Mattermost <8.1.11-9.5.2 - Privilege Escalation
Apr 05, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-29221 MEDIUM
Mattermost Server <9.5.2-8.1.11 - Info Disclosure
Apr 05, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-28949 MEDIUM
Mattermost Server 8.1.0-8.1.10, 9.3.0-9.3.2, 9.4.0-9.4.3, 9.5.0-9.5.1 - Denial of Service via Unlimited User Preferences
Apr 05, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-21848 LOW
Mattermost Server <8.1.11 - Privilege Escalation
Apr 05, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-2450 HIGH
Mattermost <8.1.10, <9.2.6, <9.3.2, <9.4.3 - Privilege Escalation
Mar 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-2446 MEDIUM
Mattermost <8.1.10, <9.2.6, <9.3.2, <9.4.3 - DoS
Mar 15, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-2445 MEDIUM
Mattermost Server 8.1.0-8.1.9, 9.2.0-9.2.5, 9.3.0-9.3.1, 9.4.0-9.4.2 - Reflected Cross-Site Scripting in Jira Plugin
Mar 15, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-28053 LOW
Mattermost Server 8.1.0-8.1.9 - Denial of Service via Large Email Payload
Mar 15, 2024
CVSS 3.1
EPSS 0.01
CVE-2024-24975 LOW
Mattermost Mobile < 2.13.0 - Denial of Service via Large Code Block Syntax Highlighting
Mar 15, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-1953 MEDIUM
Mattermost <8.1.9, <9.2.5, 9.3.0, <9.4.2 - DoS
Feb 29, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-1952 LOW
Mattermost <8.1.9 - Info Disclosure
Feb 29, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-1949 LOW
Mattermost <8.1.9-9.4.2 - Privilege Escalation
Feb 29, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-1942 MEDIUM
Mattermost <8.1.9, <9.2.5, 9.3.0 - Info Disclosure
Feb 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-1888 MEDIUM
Mattermost <8.1.9 and 9.4.0-9.4.2 - Improper Access Control in Guest Invitation
Feb 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-24988 MEDIUM
Mattermost < 8.1.8 and 9.3.0-9.3.1 - Denial of Service via Custom User Status Emoji Length
Feb 29, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-23493 MEDIUM
Mattermost < 8.1.9 and 9.4.0-9.4.1 - Missing Authorization for AD/LDAP Group Details
Feb 29, 2024
CVSS 4.3
EPSS 0.00