mattermost

607 tracked vulnerabilities.

CVE-2025-49221 LOW
Mattermost Confluence Plugin < 1.5.0 - Unauthenticated Information Disclosure via Subscription API
Aug 11, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-48731 MEDIUM
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-44004 HIGH
Mattermost Confluence Plugin < 1.5.0 - Unauthenticated Channel Subscription via API Endpoint
Aug 11, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-44001 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Get Channel Subscriptions API
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-6227 LOW
Mattermost <10.5.7, <9.11.16 - Info Disclosure
Jul 18, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-6233 MEDIUM
Mattermost <10.8.1-10.5.7-9.11.16 - Path Traversal
Jul 18, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-6226 MEDIUM
Mattermost <10.5.7, <10.8.2, <10.7.4, <9.11.17 - Info Disclosure
Jul 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-47871 MEDIUM
Mattermost 9.11.0-9.11.15 10.5.0-10.5.5 10.6.0-10.6.5 10.7.0-10.7.2 10.8.0 - Authenticated Information Disclosure
Jun 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-46702 MEDIUM
Mattermost <10.5.5-10.8.0 - Privilege Escalation
Jun 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-3228 MEDIUM
Mattermost <10.5.5-10.8.0 - Info Disclosure
Jun 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-3227 MEDIUM
Mattermost <10.5.5-10.8.0 - Privilege Escalation
Jun 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-4981 CRITICAL
Mattermost <=10.5.5, <=9.11.15, <=10.8.0, <=10.7.2, <=10.6.5 - Authenticated Arbitrary File Write via Path Traversal
Jun 20, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-4573 MEDIUM
Mattermost 9.11.0-9.11.13 10.5.0-10.5.4 10.6.0-10.6.3 10.7.0-10.7.1 - LDAP Injection via Group ID
Jun 11, 2025
CVSS 4.1
EPSS 0.00
CVE-2025-4128 LOW
Mattermost 9.11.0-9.11.13 and 10.5.0-10.5.4 - Incorrect Authorization via Teams API
Jun 11, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-3611 LOW
Mattermost 9.11.0-9.11.12 10.5.0-10.5.3 10.7.0 - Authenticated Incorrect Authorization via Team API Endpoint
May 30, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-3230 MEDIUM
Mattermost <10.7.0-10.6.2-10.5.3-9.11.12 - Info Disclosure
May 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-2571 MEDIUM
Mattermost <10.7.0-10.5.3-9.11.12 - Auth Bypass
May 30, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-1792 LOW
Mattermost <10.7.0, <10.5.3, <9.11.12 - Info Disclosure
May 30, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-3913 MEDIUM
Mattermost <10.7.0-9.11.12 - Privilege Escalation
May 29, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-2570 LOW
Mattermost 9.11.0-9.11.11 and 10.5.0-10.5.3 - Incorrect Authorization via System Console
May 15, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-2527 MEDIUM
Mattermost 9.11.0-9.11.11 and 10.5.0-10.5.2 - Incorrect Authorization via Group API
May 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-3446 MEDIUM
Mattermost 9.11.0-9.11.11 10.4.0-10.4.4 10.5.0-10.5.2 10.6.0-10.6.1 - Incorrect Authorization via Team Invite API
May 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-31947 MEDIUM
Mattermost <10.6.1-10.5.2-10.4.4-9.11.11 - Privilege Escalation
May 15, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-41423 LOW
Mattermost 9.11.0-9.11.10 10.4.0-10.4.2 10.5.0 - Unauthenticated Post Deletion via Playbooks Signal Keywords Endpoint
Apr 24, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41395 MEDIUM
Mattermost 9.11.0-9.11.10, 10.4.0-10.4.2, 10.5.0 - Denial of Service via RetrospectivePost Custom Post Type
Apr 24, 2025
CVSS 6.5
EPSS 0.00