
Mattermost — Vulnerabilities & Security Advisories 352

All 352 CVE vulnerabilities found in Mattermost, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mattermost

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-20086 | Insufficient Input Validation on Post Props | CWE-1287 | 6.5 | Medium | 2025-01-15 |
| CVE-2025-21083 | Insufficient Input Validation on Post Props | CWE-1287 | 6.5 | Medium | 2025-01-15 |
| CVE-2025-20036 | Insufficient Input Validation on Post Props | CWE-1287 | 6.5 | Medium | 2025-01-15 |
| CVE-2025-21088 | WebApp crash via improper validation of proto style in attachments | CWE-704 | 6.5 | Medium | 2025-01-15 |
| CVE-2025-22445 | Misleading UI for undefined admin console settings in Calls causes security confusion | CWE-754 | 3.5 | Low | 2025-01-09 |
| CVE-2025-20033 | DoS via custom post type for sysconsole plugin readers | CWE-1287 | 4.3 | Medium | 2025-01-09 |
| CVE-2025-22449 | Access control flaw for team admins allows unauthorized team additions | CWE-863 | 3.8 | Low | 2025-01-09 |
| CVE-2024-11358 | Insecure Android File Provider Paths | CWE-284 | 5.7 | Medium | 2024-12-16 |
| CVE-2024-54682 | Zipbomb DoS via Missing Slack Import Validation | CWE-409 | 6.5 | Medium | 2024-12-16 |
| CVE-2024-54083 | DoS via lack of type validation in Calls | CWE-1287 | 6.5 | Medium | 2024-12-16 |
| CVE-2024-48872 | Bypass of "Max failed attempts" restriction via race condition | CWE-362 | 4.8 | Medium | 2024-12-16 |
| CVE-2024-12247 | Improper propagation of permission scheme updates across cluster nodes | CWE-863 | 4.6 | Medium | 2024-12-05 |
| CVE-2024-11599 | Domain Restriction Bypass on Registration | CWE-754 | 8.2 | High | 2024-11-28 |
| CVE-2024-52032 | Private channel names leaking when Elasticsearch is enabled | CWE-200 | 4.3 | Medium | 2024-11-09 |
| CVE-2024-36250 | MFA Code Replay | CWE-303 | 3.1 | Low | 2024-11-09 |
| CVE-2024-42000 | Unauthorized Access to view channels' details | CWE-863 | 2.7 | Low | 2024-11-09 |
| CVE-2024-46872 | Client-Side Path Traversal Leading to CSRF in Playbooks | CWE-352 | 4.6 | Medium | 2024-10-29 |
| CVE-2024-47401 | DoS via Amplified GraphQL Response in Playbooks | CWE-770 | 4.3 | Medium | 2024-10-29 |
| CVE-2024-50052 | Arbitrary post deletion via Playbooks /ignore-thread endpoint | CWE-862 | 4.3 | Medium | 2024-10-29 |
| CVE-2024-10241 | Private channel names leaked with Ctrl+K when ElasticSearch is enabled | CWE-284 | 4.3 | Medium | 2024-10-29 |
| CVE-2024-10214 | Incorrect Session Creation with Desktop SSO | CWE-303 | 3.5 | Low | 2024-10-28 |
| CVE-2024-9155 | Insufficient Authorization On Unlinked Channel Files | CWE-863 | 4.3 | Medium | 2024-09-26 |
| CVE-2024-47003 | DoS via non-string message using permalink embed | CWE-400 | 3.1 | Low | 2024-09-26 |
| CVE-2024-42406 | Unauthorized access on archived channels | CWE-284 | 5.4 | Medium | 2024-09-26 |
| CVE-2024-45843 | Weak SSRF Filtering | CWE-918 | 3.1 | Low | 2024-09-26 |
| CVE-2024-47145 | Unauthorized access on archived channels via file links | CWE-284 | 3.1 | Low | 2024-09-26 |
| CVE-2024-45835 | Insufficient Electron Fuses Configuration | CWE-693 | 2.5 | Low | 2024-09-16 |
| CVE-2024-39772 | Silent Desktop Screenshot Capture | CWE-284 | 3.7 | Low | 2024-09-16 |
| CVE-2024-45833 | Mobile password gets saved in dictionary under conditions | CWE-693 | 4.5 | Medium | 2024-09-16 |
| CVE-2024-39613 | RCE in desktop app in Windows by local attacker | CWE-427 | 5.3 | Medium | 2024-09-16 |
