mattermost
576 tracked vulnerabilities.
CVE-2023-2193
MEDIUM
Mattermost - Missing Authorization via OAuth2 App Deauthorization
Apr 20, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-1831
HIGH
Mattermost < 7.7.3 - Sensitive Information Exposure in Audit Logs
Apr 17, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-1777
MEDIUM
Mattermost < 7.1.6 and 7.8.0 - Unauthorized Message Content Exposure via createPost API
Mar 31, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-1776
HIGH
Mattermost Server < 7.1.6, 7.7.0-7.7.2 - Stored Cross-Site Scripting via SVG Image Upload
Mar 31, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-1775
MEDIUM
Mattermost Server < 7.1.6 - Unauthorized Sensitive Information Exposure via Websocket Event Broadcast
Mar 31, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-1774
MEDIUM
Mattermost Server < 7.1.6 - Missing Authorization for Private Channel Email Invites
Mar 31, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-1562
LOW
Mattermost < 7.5.0 - Exposure of Sensitive Information via Focalboard API
Mar 22, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-1421
LOW
Mattermost Server 5.32.0-7.6.9 - Reflected Cross-Site Scripting via OAuth State Parameter
Mar 15, 2023
CVSS 3.5
EPSS 0.01
CVE-2023-27266
LOW
Mattermost 5.12.0-7.6.9 - Authenticated Email Address Exposure via Teams API
Feb 27, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-27265
LOW
Mattermost 5.12.0-7.6.9 - Authenticated Email Address Exposure via Regenerate Invite Id API
Feb 27, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-27264
HIGH
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
Feb 27, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-27263
MEDIUM
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
Feb 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-4045
LOW
Mattermost < 7.1.4 - Authenticated Denial of Service via API Endpoint
Nov 23, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-4044
MEDIUM
Mattermost < 7.4 and mattermost-server < 7.1.4 - Authenticated Denial of Service via Large Autoresponder Messages
Nov 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-4019
MEDIUM
Mattermost Playbooks - Authenticated Denial of Service via Large Requests
Nov 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-3257
LOW
Mattermost < 7.2.0 - Authenticated Denial of Service via Crafted GIF Upload
Sep 23, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-3147
LOW
Mattermost < 7.1.0 - Authenticated Denial of Service via JPEG Image Upload
Sep 09, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-2408
MEDIUM
Mattermost <= 6.7.0 - Unauthorized Public Channel List Exposure via Guest Account
Jul 14, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-2406
MEDIUM
Mattermost <= 6.7.0 - Authenticated Denial of Service via Slack Import REST API
Jul 14, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-2401
MEDIUM
Mattermost < 6.3.9 - Unauthenticated Exposure of Sensitive User Information via API
Jul 14, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-2366
MEDIUM
Mattermost Server <= 6.7.0 - Incorrect Default Permissions via Trusted IP Header
Jul 12, 2022
CVSS 5.6
EPSS 0.00
CVE-2022-1982
MEDIUM
Mattermost < 6.3.8 and 6.6.0 - Authenticated Denial of Service via Crafted SVG Attachment
Jun 02, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-1548
LOW
Mattermost Playbooks < 1.25.0 - Privilege Escalation via User Permission Mismanagement
May 03, 2022
CVSS 3.7
EPSS 0.00
CVE-2022-1385
LOW
Mattermost < 6.5.0 - Unauthenticated Exposure of Resource to Wrong Sphere via Email Invitation
Apr 19, 2022
CVSS 3.7
EPSS 0.00
CVE-2022-1384
MEDIUM
Mattermost < 6.5.0 - Authenticated Plugin Version Check Bypass
Apr 19, 2022
CVSS 4.7
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 75
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1