mattermost

607 tracked vulnerabilities.

CVE-2025-13321 LOW
Mattermost Desktop App < 6.0.0 - Sensitive Information Exposure via Log File
Dec 17, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-12689 MEDIUM
Mattermost <11.0.4, <10.12.2, <10.11.6 - DoS
Dec 17, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62690 LOW
Mattermost 10.11.0-10.11.4 - Open Redirect via Error Page URL Parameter
Dec 17, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-62190 MEDIUM
Mattermost 10.11.0-10.11.6, 10.12.0-10.12.2, 11.0.0-11.0.4 & Calls <1.10.0 - CSRF via Calls Widget
Dec 17, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-13352 LOW
Mattermost 10.11.0-10.11.6 and GitHub Plugin <=2.4.0 - Reaction Hijacking via Notification Post
Dec 17, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-13870 LOW
Mattermost 10.5.0-10.5.12 and 10.11.0-10.11.4 - Authenticated Missing Permission Validation in Boards
Dec 02, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-12756 MEDIUM
Mattermost <11.0.2-10.12.1-10.11.4-10.5.12 - Privilege Escalation
Dec 01, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
Nov 27, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-12559 MEDIUM
Mattermost <11.0.2-10.5.12 - Info Disclosure
Nov 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-12419 CRITICAL
Mattermost <10.12.1, 10.11.4, 10.5.12, 11.0.3 - Open Redirect
Nov 27, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-55074 LOW
Mattermost <10.11.4, <10.5.12 - Info Disclosure
Nov 18, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-11794 MEDIUM
Mattermost 10.5.0-10.5.11, 10.11.0-10.11.3, 10.12.0 - Unauthorized Exposure of Password Hashes and MFA Secrets
Nov 14, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-55073 MEDIUM
Mattermost <10.11.3, 10.5.11, 10.12.0 - Open Redirect
Nov 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-55070 MEDIUM
Mattermost <11 - Unauthenticated Information Disclosure via WebSocket Events
Nov 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-41436 LOW
Mattermost < 11.0 - Unauthenticated Archived Channel Access via Open in Channel Functionality
Nov 14, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-11776 MEDIUM
Mattermost < 11.0.0 - Unauthenticated Archived Channel Discovery via Search API
Nov 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59480 MEDIUM
Mattermost Mobile Apps <= 2.32.0 - Cross-Site Request Forgery via SSO Redirect Token
Nov 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-11777 LOW
Mattermost 10.5.0-10.5.11 and 10.11.0-10.11.3 - Incorrect Authorization via Add Channel Member API
Nov 13, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-55035 MEDIUM
Mattermost Desktop App <=5.13.0 - DoS
Oct 16, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-58075 HIGH
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.1 - Unauthenticated Team Join via RelayState Manipulation
Oct 16, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-58073 HIGH
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.1 - Unauthenticated Team Join via OAuth State Manipulation
Oct 16, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-54499 LOW
Mattermost <10.5.10, <10.11.2 - Info Disclosure
Oct 16, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41410 MEDIUM
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.2 - Missing Authorization via Slack Import Process
Oct 16, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-10545 LOW
Mattermost 10.5.0-10.5.10 and 10.11.0-10.11.2 - Incorrect Authorization via Channel Member Endpoint
Oct 16, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41443 MEDIUM
Mattermost 10.5.0-10.5.12 and 10.11.0-10.11.2 - Missing Authorization via Channel IDs Endpoint
Oct 16, 2025
CVSS 4.3
EPSS 0.00