| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-23493 | Team associated AD/LDAP Groups Leaked due to missing authorization | Mattermost | Mattermost | Medium | 4.3 | 2024-02-29 08:02:32 | Deep Dive |
| CVE-2024-1402 | Denial of service in mattermost mobile apps and server via emoji reactions | Mattermost | Mattermost | Medium | 4.3 | 2024-02-09 15:09:18 | Deep Dive |
| CVE-2024-24776 | Incorrect Authorization leads to Channel Member Count Leak | Mattermost | Mattermost | Low | 3.1 | 2024-02-09 14:50:45 | Deep Dive |
| CVE-2024-24774 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) | Mattermost | Mattermost | Low | 3.4 | 2024-02-09 14:46:59 | Deep Dive |
| CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) | Mattermost | Mattermost | Low | 3.5 | 2024-02-09 14:42:22 | Deep Dive |
| CVE-2023-47858 | Details of archived public channels are leaked to members of another team | Mattermost | Mattermost | Medium | 4.3 | 2024-01-02 09:54:25 | Deep Dive |
| CVE-2023-50333 | Lack of restriction to manage group names for freshly demoted guests | Mattermost | Mattermost | Low | 3.7 | 2024-01-02 09:53:02 | Deep Dive |
| CVE-2023-48732 | Keywords that trigger mentions are leaked to other users | Mattermost | Mattermost | Medium | 4.3 | 2024-01-02 09:52:01 | Deep Dive |
| CVE-2023-7114 | Mattermost security vulnerability | Mattermost | Mattermost | High | 7.1 | 2023-12-29 12:46:23 | Deep Dive |
| CVE-2023-7113 | Mattermost security vulnerability | Mattermost | Mattermost | Low | 3.7 | 2023-12-29 12:46:14 | Deep Dive |
| CVE-2023-6727 | Leak Inaccessible Playbook Information via Channel Action IDOR | Mattermost | Mattermost | Low | 3.1 | 2023-12-12 10:53:02 | Deep Dive |
| CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks | Mattermost | Mattermost | High | 7.3 | 2023-12-12 08:23:17 | Deep Dive |
| CVE-2023-6547 | Playbooks access/modification by removed team member | Mattermost | Mattermost | Low | 3.7 | 2023-12-12 08:22:41 | Deep Dive |
| CVE-2023-49607 | Playbook plugin crash via missing interface type assertion | Mattermost | Mattermost | Medium | 4.3 | 2023-12-12 08:21:37 | Deep Dive |
| CVE-2023-49809 | Todo plugin gets crashed and disabled by member | Mattermost | Mattermost | Medium | 4.3 | 2023-12-12 08:20:08 | Deep Dive |
| CVE-2023-46701 | Inaccessible Post Information Leak via Run Timeline IDOR | Mattermost | Mattermost | Medium | 6.5 | 2023-12-12 08:19:22 | Deep Dive |
| CVE-2023-49874 | IDOR when updating the tasks of a private playbook run | Mattermost | Mattermost | Medium | 4.3 | 2023-12-12 08:17:54 | Deep Dive |
| CVE-2023-45847 | Playbook Plugin Crash via Run Checklist | Mattermost | Mattermost | Medium | 4.3 | 2023-12-12 08:17:10 | Deep Dive |
| CVE-2023-6459 | Public endpoint /metrics of Calls plugin reveals channel IDs | Mattermost | Mattermost | Medium | 5.3 | 2023-12-06 08:11:36 | Deep Dive |
| CVE-2023-6458 | Client side path traversal due to lack of route parameters validation | Mattermost | Mattermost | High | 7.1 | 2023-12-06 08:10:18 | Deep Dive |