mattermost
607 tracked vulnerabilities.
CVE-2023-4106
MEDIUM
Mattermost 7.8.0-7.8.7 and 7.9.0-7.9.5 - Missing Authorization for Public Playbook Actions
Aug 11, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-4105
LOW
Mattermost 7.8.0-7.8.7 and 7.9.0-7.9.5 - Missing Authorization for Deleted Message Attachments
Aug 11, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-3615
HIGH
Mattermost iOS - SSL/TLS Info Disclosure
Jul 17, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-3614
MEDIUM
Mattermost < 7.8.7 - Denial of Service via Malicious GIF Image File
Jul 17, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3613
LOW
Mattermost WelcomeBot - Privilege Escalation
Jul 17, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-3593
MEDIUM
Mattermost 7.8.0-7.8.6 - Denial of Service via Markdown Input
Jul 17, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-3591
MEDIUM
Mattermost 7.8.0-7.8.6 - Improper Authentication via Password Reset Token Reuse
Jul 17, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-3590
LOW
Mattermost 7.10.0-7.10.2 - Incorrect Authorization in Boards Card Attachment Deletion
Jul 17, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-3587
LOW
Mattermost 7.8.0-7.8.6 - Missing Authorization in Board Sharing
Jul 17, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-3586
MEDIUM
Mattermost 7.8.0-7.8.6 - Incorrect Authorization via Public Boards Configuration
Jul 17, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-3585
MEDIUM
Mattermost Server < 7.8.7 - Denial of Service via Crafted Boards Link
Jul 17, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3584
LOW
Mattermost 7.8.0-7.8.4 - Authenticated Incorrect Authorization via Team Override Scheme ID
Jul 17, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-3582
MEDIUM
Mattermost 7.8.0-7.8.6 - Authenticated Incorrect Authorization via Board Channel Linking
Jul 17, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3581
MEDIUM
Mattermost 7.8.0-7.8.6 - WebSocket Origin Validation Bypass
Jul 17, 2023
CVSS 6.2
EPSS 0.00
CVE-2023-3577
LOW
Mattermost 7.8.0-7.8.6 - Blind Server-Side Request Forgery via Interactive Dialog
Jul 17, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-2831
MEDIUM
Mattermost 7.1.0-7.1.8 - Denial of Service via Markdown String Unescaping
Jun 16, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-2797
LOW
Mattermost 7.1.0-7.1.8 - Unauthenticated Private Repository Code Exposure via Crafted Permalink
Jun 16, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-2793
MEDIUM
Mattermost 7.8.0-7.8.2 - Denial of Service via Link Preview
Jun 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-2792
MEDIUM
Mattermost 7.1.0-7.1.8 - Exposure of Sensitive Information via Ephemeral Error Messages
Jun 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-2785
MEDIUM
Mattermost 7.1.0-7.1.8 - Denial of Service via PostgreSQL Error Log Message Truncation
Jun 16, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-2791
MEDIUM
Mattermost 7.7.0-7.7.2 - Authenticated Arbitrary Channel Post Edit via /dialog API
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2788
MEDIUM
Mattermost 7.1.0-7.1.8 - Authenticated Missing Authorization via OAuth2 Flow
Jun 16, 2023
CVSS 6.2
EPSS 0.01
CVE-2023-2787
MEDIUM
Mattermost 7.1.0-7.1.8 - Missing Authorization in Message Threads API
Jun 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-2786
MEDIUM
Mattermost 7.1.0-7.1.8 - Unauthenticated Missing Authorization via Channel Commands
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2784
MEDIUM
Mattermost 7.8.0-7.8.3 - Missing Authorization for App Install Requests
Jun 16, 2023
CVSS 4.2
EPSS 0.00
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters