mattermost

607 tracked vulnerabilities.

CVE-2024-23488 LOW
Mattermost < 8.1.9 and 9.0.0-9.4.2 - Improper Access Control in Archived Channel File Attachments
Feb 29, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-1887 MEDIUM
Mattermost < 8.1.9 and 9.3.0-9.3.1 - Improper Access Control in Public Channel Post Fetching
Feb 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-1402 MEDIUM
Mattermost < 8.1.7 and < 8.1.8 - Denial of Service via Custom Emoji Reaction Overload
Feb 09, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-24776 LOW
Mattermost < 8.1.7 and 8.1.8 - Unauthenticated Channel Member Count Leak via API
Feb 09, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-24774 LOW
Mattermost Jira Plugin - Info Disclosure
Feb 09, 2024
CVSS 3.4
EPSS 0.00
CVE-2024-23319 LOW
Mattermost Jira Plugin < 1.1.2-0.20230830170046-f4cf4c6de017 - Cross-Site Request Forgery via Crafted Message
Feb 09, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-50333 LOW
Mattermost < 8.1.7 - Improper Access Control via Session Permission Update
Jan 02, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-48732 MEDIUM
Mattermost < 8.1.7 - Unauthorized Exposure of Notification Information via WebSocket Broadcast
Jan 02, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-47858 MEDIUM
Mattermost < 8.1.7, < 7.8.10 - Improper Access Control via Archived Public Channel Endpoint
Jan 02, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-7114 HIGH
Mattermost < 2.10.1 - Cross-Site Request Forgery via Deeplink Path
Dec 29, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-7113 LOW
Mattermost < 8.1.7 - Stored Cross-Site Scripting via Channel Mention Data
Dec 29, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-6727 LOW
Mattermost < 8.1.5 - Unauthorized Playbook Action Creation and Information Leak
Dec 12, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-6547 LOW
Mattermost < 8.1.5 - Improper Access Control in Playbook Team Membership Validation
Dec 12, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-49874 MEDIUM
Mattermost < 7.8.14 - Unauthenticated Improper Access Control in Private Playbook Run Task Update
Dec 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-49809 MEDIUM
Mattermost Server < 8.1.5 - Denial of Service via Null Request Body in /add Endpoint
Dec 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-49607 MEDIUM
Mattermost < 7.8.14 - Denial of Service via Reminder Parameter Type Mismatch
Dec 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-46701 MEDIUM
Mattermost < 7.8.14 - Unauthenticated Information Disclosure via Playbooks Plugin Timeline Endpoint
Dec 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-45847 MEDIUM
Mattermost < 7.8.14 - Denial of Service via Playbooks Checklist Title Length
Dec 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-45316 HIGH
Mattermost < 7.8.14 - Cross-Site Request Forgery via Telemetry Run ID Path Traversal
Dec 12, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-6459 MEDIUM
Mattermost < 7.8.14 and < 8.1.5 - Unauthenticated Exposure of Sensitive Channel IDs via Metrics Endpoint
Dec 06, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-6458 HIGH
Mattermost < 7.8.14, 8.1.5, 9.1.2 - Client-Side Path Traversal via Route Parameters
Dec 06, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-6202 MEDIUM
Mattermost < 7.8.12, 9.1.0-9.1.1 - Unauthenticated Improper Access Control via Boards User Endpoint
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-48369 MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Uncontrolled Resource Consumption via Log Overflow
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-48268 MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Denial of Service via Zip Bomb in Board Import
Nov 27, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-47168 MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Open Redirect via OAuth Redirect Parameter
Nov 27, 2023
CVSS 4.3
EPSS 0.00