mattermost
607 tracked vulnerabilities.
CVE-2023-2783
MEDIUM
Mattermost 7.8.0-7.8.3 and 7.10.0 - Missing Authorization in Apps Framework Webhook
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2808
MEDIUM
Mattermost 5.34.0-7.1.9 - Link Preview Spoofing via UTF Confusable Characters
May 29, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2515
MEDIUM
Mattermost < 7.1.8 - Incorrect Authorization via Personal Access Token Creation
May 12, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-2514
MEDIUM
Mattermost < 7.1.7 - Sensitive Information Disclosure in Application Logs
May 12, 2023
CVSS 6.7
EPSS 0.01
CVE-2023-2000
MEDIUM
Mattermost Desktop App < 5.2.2 - Open Redirect via Server Redirection
May 02, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-2281
LOW
Mattermost Server < 7.9.0 - Unauthorized Sensitive Information Exposure via Websocket Event
Apr 25, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-2193
MEDIUM
Mattermost - Missing Authorization via OAuth2 App Deauthorization
Apr 20, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-1831
HIGH
Mattermost < 7.7.3 - Sensitive Information Exposure in Audit Logs
Apr 17, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-1777
MEDIUM
Mattermost < 7.1.6 and 7.8.0 - Unauthorized Message Content Exposure via createPost API
Mar 31, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-1776
HIGH
Mattermost Server < 7.1.6, 7.7.0-7.7.2 - Stored Cross-Site Scripting via SVG Image Upload
Mar 31, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-1775
MEDIUM
Mattermost Server < 7.1.6 - Unauthorized Sensitive Information Exposure via Websocket Event Broadcast
Mar 31, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-1774
MEDIUM
Mattermost Server < 7.1.6 - Missing Authorization for Private Channel Email Invites
Mar 31, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-1562
LOW
Mattermost < 7.5.0 - Exposure of Sensitive Information via Focalboard API
Mar 22, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-1421
LOW
Mattermost Server 5.32.0-7.6.9 - Reflected Cross-Site Scripting via OAuth State Parameter
Mar 15, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-27266
LOW
Mattermost 5.12.0-7.6.9 - Authenticated Email Address Exposure via Teams API
Feb 27, 2023
CVSS 2.7
EPSS 0.01
CVE-2023-27265
LOW
Mattermost 5.12.0-7.6.9 - Authenticated Email Address Exposure via Regenerate Invite Id API
Feb 27, 2023
CVSS 2.7
EPSS 0.01
CVE-2023-27264
HIGH
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
Feb 27, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-27263
MEDIUM
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
Feb 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-4045
LOW
Mattermost < 7.1.4 - Authenticated Denial of Service via API Endpoint
Nov 23, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-4044
MEDIUM
Mattermost < 7.4 and mattermost-server < 7.1.4 - Authenticated Denial of Service via Large Autoresponder Messages
Nov 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-4019
MEDIUM
Mattermost Playbooks - Authenticated Denial of Service via Large Requests
Nov 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-3257
LOW
Mattermost < 7.2.0 - Authenticated Denial of Service via Crafted GIF Upload
Sep 23, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-3147
LOW
Mattermost < 7.1.0 - Authenticated Denial of Service via JPEG Image Upload
Sep 09, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-2408
MEDIUM
Mattermost <= 6.7.0 - Unauthorized Public Channel List Exposure via Guest Account
Jul 14, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-2406
MEDIUM
Mattermost <= 6.7.0 - Authenticated Denial of Service via Slack Import REST API
Jul 14, 2022
CVSS 4.3
EPSS 0.01
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters