mattermost
575 tracked vulnerabilities.
CVE-2025-20088
MEDIUM
Mattermost <10.2.0-10.2.0, <9.11.5-9.11.5, <10.0.3-10.0.3, <10.1.3-...
Jan 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-20086
MEDIUM
Mattermost <10.2.0-10.1.3 - Code Injection
Jan 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-20036
MEDIUM
Mattermost Mobile Apps <=2.22.0 - Code Injection
Jan 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-21088
MEDIUM
Mattermost <10.2.0-10.1.3 - Code Injection
Jan 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-22449
LOW
Mattermost 9.11.0-9.11.5 - Incorrect Authorization via Team Public Setting
Jan 09, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-22445
LOW
Mattermost 10.x <= 10.2 - Incorrect Security Configuration Reporting in UI
Jan 09, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-20033
MEDIUM
Mattermost 9.11.0-9.11.5, 10.0.0-10.0.3, 10.1.0-10.1.3, 10.2.0 - DoS via Custom Post Type Validation Bypass
Jan 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-11358
MEDIUM
Mattermost Android Mobile Apps <=2.21.0 - Info Disclosure
Dec 16, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-54682
MEDIUM
Mattermost 9.5.0-9.5.12, 10.1.0-10.1.2 - Denial of Service via Slack Import Zip Bomb
Dec 16, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-54083
MEDIUM
Mattermost 9.5.0-9.5.12, 10.0.0-10.0.2, 10.1.0-10.1.2 - Denial of Service via Crafted Post
Dec 16, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-48872
MEDIUM
Mattermost 9.5.0-9.5.12, 9.11.0-9.11.4, 10.0.0-10.0.2, 10.1.0-10.1.2 - Race Condition in Failed Login Attempts Check
Dec 16, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-12247
MEDIUM
Mattermost 9.7.0-9.7.5, 9.8.0-9.8.2, 9.9.0-9.9.2 - Incorrect Authorization via Permission Scheme Update Propagation
Dec 05, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-11599
HIGH
Mattermost <10.0.1-9.5.11 - Info Disclosure
Nov 28, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-52032
MEDIUM
Mattermost <10.0.0-9.11.2 - Info Disclosure
Nov 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-42000
LOW
Mattermost 9.5.0-9.5.9, 9.10.0-9.10.2, 9.11.0-9.11.1, 10.0.0 - Incorrect Authorization via /api/v4/channels
Nov 09, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-36250
LOW
Mattermost <9.11.3-9.5.11 - Info Disclosure
Nov 09, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-47401
MEDIUM
Mattermost <9.10.2, 9.11.1, 9.5.9 - Info Disclosure
Oct 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-46872
MEDIUM
Mattermost 9.5.0-9.5.9, 9.10.0-9.10.2, 9.11.0-9.11.1 - Cross-Site Request Forgery via Playbooks Redirection
Oct 29, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-50052
MEDIUM
Mattermost <9.10.2-9.11.1-9.5.9 - Privilege Escalation
Oct 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-10241
MEDIUM
Mattermost <9.5.10 - Info Disclosure
Oct 29, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-10214
LOW
Mattermost <9.11.2-9.5.10 - Info Disclosure
Oct 28, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-9155
MEDIUM
Mattermost 9.5.0-9.5.8, 9.9.0-9.9.2, 9.10.0-9.10.1 - Incorrect Authorization in Channel File Access
Sep 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47145
LOW
Mattermost <9.5.8 - Info Disclosure
Sep 26, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-47003
LOW
Mattermost 9.5.0-9.5.8 and 9.11.0 - Denial of Service via Permalink Post Message Validation Bypass
Sep 26, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-45843
LOW
Mattermost 9.5.0-9.5.8 - Server-Side Request Forgery via Oracle Cloud and Alibaba Metadata Endpoints
Sep 26, 2024
CVSS 3.1
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 74
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1