mattermost
576 tracked vulnerabilities.
CVE-2023-3591
MEDIUM
Mattermost 7.8.0-7.8.6 - Improper Authentication via Password Reset Token Reuse
Jul 17, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-3590
LOW
Mattermost 7.10.0-7.10.2 - Incorrect Authorization in Boards Card Attachment Deletion
Jul 17, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-3587
LOW
Mattermost 7.8.0-7.8.6 - Missing Authorization in Board Sharing
Jul 17, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-3586
MEDIUM
Mattermost 7.8.0-7.8.6 - Incorrect Authorization via Public Boards Configuration
Jul 17, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-3585
MEDIUM
Mattermost Server < 7.8.7 - Denial of Service via Crafted Boards Link
Jul 17, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3584
LOW
Mattermost 7.8.0-7.8.4 - Authenticated Incorrect Authorization via Team Override Scheme ID
Jul 17, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-3582
MEDIUM
Mattermost 7.8.0-7.8.6 - Authenticated Incorrect Authorization via Board Channel Linking
Jul 17, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3581
MEDIUM
Mattermost 7.8.0-7.8.6 - WebSocket Origin Validation Bypass
Jul 17, 2023
CVSS 6.2
EPSS 0.00
CVE-2023-3577
LOW
Mattermost 7.8.0-7.8.6 - Blind Server-Side Request Forgery via Interactive Dialog
Jul 17, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-2831
MEDIUM
Mattermost 7.1.0-7.1.8 - Denial of Service via Markdown String Unescaping
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2797
LOW
Mattermost 7.1.0-7.1.8 - Unauthenticated Private Repository Code Exposure via Crafted Permalink
Jun 16, 2023
CVSS 3.1
EPSS 0.01
CVE-2023-2793
MEDIUM
Mattermost 7.8.0-7.8.2 - Denial of Service via Link Preview
Jun 16, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-2792
MEDIUM
Mattermost 7.1.0-7.1.8 - Exposure of Sensitive Information via Ephemeral Error Messages
Jun 16, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-2785
MEDIUM
Mattermost 7.1.0-7.1.8 - Denial of Service via PostgreSQL Error Log Message Truncation
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2791
MEDIUM
Mattermost 7.7.0-7.7.2 - Authenticated Arbitrary Channel Post Edit via /dialog API
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2788
MEDIUM
Mattermost 7.1.0-7.1.8 - Authenticated Missing Authorization via OAuth2 Flow
Jun 16, 2023
CVSS 6.2
EPSS 0.00
CVE-2023-2787
MEDIUM
Mattermost 7.1.0-7.1.8 - Missing Authorization in Message Threads API
Jun 16, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-2786
MEDIUM
Mattermost 7.1.0-7.1.8 - Unauthenticated Missing Authorization via Channel Commands
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2784
MEDIUM
Mattermost 7.8.0-7.8.3 - Missing Authorization for App Install Requests
Jun 16, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-2783
MEDIUM
Mattermost 7.8.0-7.8.3 and 7.10.0 - Missing Authorization in Apps Framework Webhook
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2808
MEDIUM
Mattermost 5.34.0-7.1.9 - Link Preview Spoofing via UTF Confusable Characters
May 29, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2515
MEDIUM
Mattermost < 7.1.8 - Incorrect Authorization via Personal Access Token Creation
May 12, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-2514
MEDIUM
Mattermost < 7.1.7 - Sensitive Information Disclosure in Application Logs
May 12, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-2000
MEDIUM
Mattermost Desktop App < 5.2.2 - Open Redirect via Server Redirection
May 02, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-2281
LOW
Mattermost Server < 7.9.0 - Unauthorized Sensitive Information Exposure via Websocket Event
Apr 25, 2023
CVSS 3.1
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 75
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1