mattermost
607 tracked vulnerabilities.
CVE-2025-35965
MEDIUM
Mattermost 9.11.0-9.11.10, 10.4.0-10.4.2, 10.5.0 - Denial of Service via UpdateRunTaskActions GraphQL Operation
Apr 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2564
MEDIUM
Mattermost 9.11.0-9.11.9 and 10.5.0-10.5.1 - Authenticated Incorrect Authorization in Archived Channel Access Control
Apr 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-31363
LOW
Mattermost <10.4.2, 10.5.0, 9.11.9 - SSRF
Apr 16, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-27936
MEDIUM
Mattermost Plugin MSTeams <2.1.0 & Mattermost Server 10.5.x <=10.5....
Apr 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27571
MEDIUM
Mattermost 9.11.0-9.11.9, 10.4.0-10.4.3, 10.5.0-10.5.1 - Incorrect Authorization in Archived Channel Metadata
Apr 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-27538
LOW
Mattermost <10.5.1-9.11.9 - Privilege Escalation
Apr 16, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-24839
LOW
Mattermost 9.11.0-9.11.9 and 10.5.0-10.5.1 - Incorrect Authorization via Wrangler Plugin Override
Apr 16, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-2475
MEDIUM
Mattermost <10.5.1-10.4.3-9.11.9 - Info Disclosure
Apr 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-2424
LOW
Mattermost <10.5.2 - Info Disclosure
Apr 14, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-32093
MEDIUM
Mattermost 9.11.0-9.11.9, 10.4.0-10.4.3, 10.5.0-10.5.1 - Incorrect Authorization via Granular Admin Permission
Apr 14, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-30516
LOW
Mattermost Mobile Apps <=2.25.0 - Info Disclosure
Apr 14, 2025
CVSS 2.0
EPSS 0.00
CVE-2025-24866
LOW
Mattermost <9.11.8 - Info Disclosure
Apr 10, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-1558
MEDIUM
Mattermost Mobile Apps <=2.25.0 - Info Disclosure
Mar 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30179
MEDIUM
Mattermost <10.4.2-<10.3.3-<9.11.8 - Auth Bypass
Mar 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-27933
MEDIUM
Mattermost 9.11.0-9.11.8, 10.3.0-10.3.3, 10.4.0-10.4.2 - Incorrect Authorization in Channel Conversion
Mar 21, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27715
LOW
Mattermost 9.11.0-9.11.8 - Incorrect Authorization via Permalink
Mar 21, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-25274
MEDIUM
Mattermost <10.4.2-<10.3.3-<9.11.8 - Command Injection
Mar 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-25068
HIGH
Mattermost <10.4.2-10.5.0 - Auth Bypass
Mar 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-24920
MEDIUM
Mattermost 9.11.0-9.11.8, 10.3.0-10.3.3, 10.4.0-10.4.2, 10.5.0 - Incorrect Authorization in Bookmark Management
Mar 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1472
MEDIUM
Mattermost 9.11.0-9.11.8 - Incorrect Authorization for Viewer Role
Mar 19, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1398
LOW
Mattermost Desktop App <=5.10.0 - Untrusted Search Path via macOS Entitlements
Mar 17, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-25279
CRITICAL
Mattermost <10.4.1-10.3.2-10.2.2 - Info Disclosure
Feb 24, 2025
CVSS 9.9
EPSS 0.23
CVE-2025-24526
MEDIUM
Mattermost 9.11.0-9.11.7 10.1.0-10.1.3 10.2.0-10.2.2 10.3.0-10.3.2 10.4.0-10.4.1 - Incorrect Authorization
Feb 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24490
CRITICAL
Mattermost 9.11.0-9.11.7, 10.2.0-10.2.2, 10.3.0-10.3.2, 10.4.0-10.4.1 - SQL Injection via Boards Reordering
Feb 24, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-20051
CRITICAL
Mattermost <10.4.1-10.3.2-10.2.2 - Info Disclosure
Feb 24, 2025
CVSS 9.9
EPSS 0.01
Products
mattermost_server 451
mattermost 250
mattermost-server 212
Mattermost 104
mattermost_desktop 28
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-playbooks 6
mattermost-plugin-github 4
mattermost-plugin-msteams 4
mattermost-plugin-calls 3
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
Mattermost Google Drive Plugin 1
channel_export 1
github.com/mattermost/mattermost/server/public 1
legal_hold 1
mattermost-plugin-channel-export 1
mattermost-plugin-msteams-meetings 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1
Quick Filters