mattermost

607 tracked vulnerabilities.

CVE-2025-58084 LOW
Mattermost Desktop App <=5.13.0 - SSRF
Oct 13, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-9081 LOW
Mattermost <10.5.8, <9.11.17 - Info Disclosure
Sep 19, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-9079 HIGH
Mattermost <10.8.4 - Code Injection
Sep 19, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-9084 LOW
Mattermost 10.5.0-10.5.9 - Open Redirect via OAuth Login URL
Sep 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-9072 HIGH
Mattermost <10.10.1-10.5.9-10.9.4 - Open Redirect
Sep 15, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-9078 MEDIUM
Mattermost <10.8.4 - Info Disclosure
Sep 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-9076 MEDIUM
Mattermost <10.10.2 - Info Disclosure
Sep 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-8402 MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.3 10.10.0 - Denial of Service via Bulk Import Feature
Aug 21, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-6465 MEDIUM
Mattermost 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.3, 10.10.0 - Path Traversal & Arbitrary File Write
Aug 21, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-8023 MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.2 - Path Traversal via Template File
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-53971 LOW
Mattermost 9.11.0-9.11.17 and 10.5.0-10.5.8 - Incorrect Authorization via Team Scheme Role Modification API
Aug 21, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-49810 LOW
Mattermost 10.5.0-10.5.8 - Incorrect Authorization in AI Posts Thread Access
Aug 21, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-49222 MEDIUM
Mattermost Server < 9.11.18 - Unrestricted File Upload
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-47870 MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.2 - Team Invite ID Exposure via Restore Endpoint
Aug 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47700 LOW
Mattermost Server 10.5.0-10.5.9 - Server-Side Request Forgery via Empty Request Body Handling
Aug 21, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-36530 MEDIUM
Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.1 - Authenticated Path Traversal via Plugin Import
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-8285 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Channel Subscription API
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-54525 HIGH
Mattermost Confluence Plugin <1.5.0 - DoS
Aug 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54478 HIGH
Mattermost Confluence Plugin < 1.5.0 - Unauthenticated Channel Subscription Modification via API
Aug 11, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-54463 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Denial of Service via Invalid Request Body
Aug 11, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54458 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Create Subscription Endpoint
Aug 11, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-53910 MEDIUM
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-53857 LOW
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-53514 MEDIUM
Mattermost Confluence Plugin <1.5.0 - DoS
Aug 11, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-52931 HIGH
Mattermost Confluence Plugin < 1.5.0 - Denial of Service via Invalid Request Body
Aug 11, 2025
CVSS 7.5
EPSS 0.00