mattermost

607 tracked vulnerabilities.

CVE-2023-2783 MEDIUM
Mattermost 7.8.0-7.8.3 and 7.10.0 - Missing Authorization in Apps Framework Webhook
Jun 16, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2808 MEDIUM
Mattermost 5.34.0-7.1.9 - Link Preview Spoofing via UTF Confusable Characters
May 29, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2515 MEDIUM
Mattermost < 7.1.8 - Incorrect Authorization via Personal Access Token Creation
May 12, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-2514 MEDIUM
Mattermost < 7.1.7 - Sensitive Information Disclosure in Application Logs
May 12, 2023
CVSS 6.7
EPSS 0.01
CVE-2023-2000 MEDIUM
Mattermost Desktop App < 5.2.2 - Open Redirect via Server Redirection
May 02, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-2281 LOW
Mattermost Server < 7.9.0 - Unauthorized Sensitive Information Exposure via Websocket Event
Apr 25, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-2193 MEDIUM
Mattermost - Missing Authorization via OAuth2 App Deauthorization
Apr 20, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-1831 HIGH
Mattermost < 7.7.3 - Sensitive Information Exposure in Audit Logs
Apr 17, 2023
CVSS 7.2
EPSS 0.00
CVE-2023-1777 MEDIUM
Mattermost < 7.1.6 and 7.8.0 - Unauthorized Message Content Exposure via createPost API
Mar 31, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-1776 HIGH
Mattermost Server < 7.1.6, 7.7.0-7.7.2 - Stored Cross-Site Scripting via SVG Image Upload
Mar 31, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-1775 MEDIUM
Mattermost Server < 7.1.6 - Unauthorized Sensitive Information Exposure via Websocket Event Broadcast
Mar 31, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-1774 MEDIUM
Mattermost Server < 7.1.6 - Missing Authorization for Private Channel Email Invites
Mar 31, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-1562 LOW
Mattermost < 7.5.0 - Exposure of Sensitive Information via Focalboard API
Mar 22, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-1421 LOW
Mattermost Server 5.32.0-7.6.9 - Reflected Cross-Site Scripting via OAuth State Parameter
Mar 15, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-27266 LOW
Mattermost 5.12.0-7.6.9 - Authenticated Email Address Exposure via Teams API
Feb 27, 2023
CVSS 2.7
EPSS 0.01
CVE-2023-27265 LOW
Mattermost 5.12.0-7.6.9 - Authenticated Email Address Exposure via Regenerate Invite Id API
Feb 27, 2023
CVSS 2.7
EPSS 0.01
CVE-2023-27264 HIGH
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
Feb 27, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-27263 MEDIUM
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
Feb 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-4045 LOW
Mattermost < 7.1.4 - Authenticated Denial of Service via API Endpoint
Nov 23, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-4044 MEDIUM
Mattermost < 7.4 and mattermost-server < 7.1.4 - Authenticated Denial of Service via Large Autoresponder Messages
Nov 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-4019 MEDIUM
Mattermost Playbooks - Authenticated Denial of Service via Large Requests
Nov 23, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-3257 LOW
Mattermost < 7.2.0 - Authenticated Denial of Service via Crafted GIF Upload
Sep 23, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-3147 LOW
Mattermost < 7.1.0 - Authenticated Denial of Service via JPEG Image Upload
Sep 09, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-2408 MEDIUM
Mattermost <= 6.7.0 - Unauthorized Public Channel List Exposure via Guest Account
Jul 14, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-2406 MEDIUM
Mattermost <= 6.7.0 - Authenticated Denial of Service via Slack Import REST API
Jul 14, 2022
CVSS 4.3
EPSS 0.01