mattermost
607 tracked vulnerabilities.
CVE-2025-13321
LOW
Mattermost Desktop App < 6.0.0 - Sensitive Information Exposure via Log File
Dec 17, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-12689
MEDIUM
Mattermost <11.0.4, <10.12.2, <10.11.6 - DoS
Dec 17, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62690
LOW
Mattermost 10.11.0-10.11.4 - Open Redirect via Error Page URL Parameter
Dec 17, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-62190
MEDIUM
Mattermost 10.11.0-10.11.6, 10.12.0-10.12.2, 11.0.0-11.0.4 & Calls <1.10.0 - CSRF via Calls Widget
Dec 17, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-13352
LOW
Mattermost 10.11.0-10.11.6 and GitHub Plugin <=2.4.0 - Reaction Hijacking via Notification Post
Dec 17, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-13870
LOW
Mattermost 10.5.0-10.5.12 and 10.11.0-10.11.4 - Authenticated Missing Permission Validation in Boards
Dec 02, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-12756
MEDIUM
Mattermost <11.0.2-10.12.1-10.11.4-10.5.12 - Privilege Escalation
Dec 01, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-12421
CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
Nov 27, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-12559
MEDIUM
Mattermost <11.0.2-10.5.12 - Info Disclosure
Nov 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-12419
CRITICAL
Mattermost <10.12.1, 10.11.4, 10.5.12, 11.0.3 - Open Redirect
Nov 27, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-55074
LOW
Mattermost <10.11.4, <10.5.12 - Info Disclosure
Nov 18, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-11794
MEDIUM
Mattermost 10.5.0-10.5.11, 10.11.0-10.11.3, 10.12.0 - Unauthorized Exposure of Password Hashes and MFA Secrets
Nov 14, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-55073
MEDIUM
Mattermost <10.11.3, 10.5.11, 10.12.0 - Open Redirect
Nov 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-55070
MEDIUM
Mattermost <11 - Unauthenticated Information Disclosure via WebSocket Events
Nov 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-41436
LOW
Mattermost < 11.0 - Unauthenticated Archived Channel Access via Open in Channel Functionality
Nov 14, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-11776
MEDIUM
Mattermost < 11.0.0 - Unauthenticated Archived Channel Discovery via Search API
Nov 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59480
MEDIUM
Mattermost Mobile Apps <= 2.32.0 - Cross-Site Request Forgery via SSO Redirect Token
Nov 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-11777
LOW
Mattermost 10.5.0-10.5.11 and 10.11.0-10.11.3 - Incorrect Authorization via Add Channel Member API
Nov 13, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-55035
MEDIUM
Mattermost Desktop App <=5.13.0 - DoS
Oct 16, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-58075
HIGH
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.1 - Unauthenticated Team Join via RelayState Manipulation
Oct 16, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-58073
HIGH
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.1 - Unauthenticated Team Join via OAuth State Manipulation
Oct 16, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-54499
LOW
Mattermost <10.5.10, <10.11.2 - Info Disclosure
Oct 16, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41410
MEDIUM
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.2 - Missing Authorization via Slack Import Process
Oct 16, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-10545
LOW
Mattermost 10.5.0-10.5.10 and 10.11.0-10.11.2 - Incorrect Authorization via Channel Member Endpoint
Oct 16, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41443
MEDIUM
Mattermost 10.5.0-10.5.12 and 10.11.0-10.11.2 - Missing Authorization via Channel IDs Endpoint
Oct 16, 2025
CVSS 4.3
EPSS 0.00
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters