Mattermost — Vulnerabilities & Security Advisories 352

All 352 CVE vulnerabilities found in Mattermost, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mattermost

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-3147 | Server-side Denial of Service while processing a specifically crafted JPEG file | CWE-400 | 3.1 | Low | 2022-09-09 |
| CVE-2022-2408 | Guest accounts can list all public channels | CWE-200 | 4.3 | Medium | 2022-07-14 |
| CVE-2022-2406 | Malicious imports can lead to Denial of Service | CWE-400 | 4.3 | Medium | 2022-07-14 |
| CVE-2022-2401 | Team members could access sensitive information of other users via an API call | CWE-200 | 6.5 | Medium | 2022-07-14 |
| CVE-2022-2366 | Incorrect defaults can cause attackers to bypass rate limitations | CWE-276 | 5.6 | Medium | 2022-07-11 |
| CVE-2022-1982 | A crafted SVG attachment can crash a Mattermost server | CWE-400 | 4.3 | Medium | 2022-06-02 |
| CVE-2022-1384 | Authorized users are allowed to install old plugin versions from the Marketplace | CWE-477 | 4.7 | Medium | 2022-04-19 |
| CVE-2022-1385 | Invitation Email is resent as a Reminder after invalidating pending email invites | CWE-664 | 3.7 | Low | 2022-04-19 |
| CVE-2022-1332 | Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents | CWE-200 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1337 | OOM DoS in Mattermost image proxy | CWE-400 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1002 | HTML Injection while inviting Guests | CWE-80 | 2.0 | Low | 2022-03-18 |
| CVE-2022-1003 | Sysadmin can override existing configs & bypass restrictions like EnableUploads | CWE-268 | 3.3 | Low | 2022-03-18 |
| CVE-2022-0904 | Stack overflow in document extractor in Mattermost | | 4.3 | Medium | 2022-03-09 |
| CVE-2022-0903 | Stack overflow in SAML login in Mattermost | | 5.3 | Medium | 2022-03-09 |
| CVE-2022-0708 | Team Creator's Email Address is disclosed to Team Members via one of the APIs | CWE-200 | 4.3 | Medium | 2022-02-21 |
| CVE-2021-37864 | Users can view the contents of an archived channel when access is explicitly denied by the system admin | CWE-284 | 2.6 | Low | 2022-01-18 |
| CVE-2021-37865 | Server-side Denial of Service while processing a specifically crafted GIF file | CWE-400 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-37863 | Mattermost input validation error vulnerability | CWE-20 | 3.5 | Low | 2021-12-17 |
| CVE-2021-37862 | Mattermost code issue vulnerability | CWE-754 | 3.7 | Low | 2021-12-17 |
| CVE-2021-37861 | Mattermost log information disclosure vulnerability | CWE-532 | 5.8 | Medium | 2021-12-09 |
| CVE-2021-37860 | Mattermost cross-site scripting vulnerability | CWE-79 | 3.7 | Low | 2021-09-22 |
| CVE-2021-37859 | Reflected XSS in OAuth Flow | CWE-79 | 7.1 | High | 2021-08-05 |
