
Mattermost — Vulnerabilities & Security Advisories (352)

All 352 CVE vulnerabilities found in Mattermost, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mattermost

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2024-24988 | Excessive resource consumption when sending long emoji names in user custom status | CWE-400 | 4.3 | Medium | 2024-02-29
CVE-2024-1887 | Public channel post content accessible without membership when compliance export is enabled | CWE-284 | 4.3 | Medium | 2024-02-29
CVE-2024-23488 | Files of archived channels accessible with the “Allow users to view archived channels” option disabled | CWE-284 | 3.1 | Low | 2024-02-29
CVE-2024-23493 | Team associated AD/LDAP Groups Leaked due to missing authorization | CWE-200 | 4.3 | Medium | 2024-02-29
CVE-2024-1402 | Denial of service in mattermost mobile apps and server via emoji reactions | CWE-400 | 4.3 | Medium | 2024-02-09
CVE-2024-24776 | Incorrect Authorization leads to Channel Member Count Leak | CWE-284 | 3.1 | Low | 2024-02-09
CVE-2024-24774 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) | CWE-863 | 3.4 | Low | 2024-02-09
CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) | CWE-352 | 3.5 | Low | 2024-02-09
CVE-2023-47858 | Details of archived public channels are leaked to members of another team | CWE-284 | 4.3 | Medium | 2024-01-02
CVE-2023-50333 | Lack of restriction to manage group names for freshly demoted guests | CWE-284 | 3.7 | Low | 2024-01-02
CVE-2023-48732 | Keywords that trigger mentions are leaked to other users | CWE-200 | 4.3 | Medium | 2024-01-02
CVE-2023-7114 | Mattermost security vulnerability | CWE-74 | 7.1 | High | 2023-12-29
CVE-2023-7113 | Mattermost security vulnerability | CWE-79 | 3.7 | Low | 2023-12-29
CVE-2023-6727 | Leak Inaccessible Playbook Information via Channel Action IDOR | CWE-200 | 3.1 | Low | 2023-12-12
CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks | CWE-352 | 7.3 | High | 2023-12-12
CVE-2023-6547 | Playbooks access/modification by removed team member | CWE-284 | 3.7 | Low | 2023-12-12
CVE-2023-49607 | Playbook plugin crash via missing interface type assertion | CWE-754 | 4.3 | Medium | 2023-12-12
CVE-2023-49809 | Todo plugin gets crashed and disabled by member | CWE-400 | 4.3 | Medium | 2023-12-12
CVE-2023-46701 | Inaccessible Post Information Leak via Run Timeline IDOR | CWE-200 | 6.5 | Medium | 2023-12-12
CVE-2023-49874 | IDOR when updating the tasks of a private playbook run | CWE-284 | 4.3 | Medium | 2023-12-12
CVE-2023-45847 | Playbook Plugin Crash via Run Checklist | CWE-400 | 4.3 | Medium | 2023-12-12
CVE-2023-6459 | Public endpoint /metrics of Calls plugin reveals channel IDs | CWE-200 | 5.3 | Medium | 2023-12-06
CVE-2023-6458 | Client side path traversal due to lack of route parameters validation | CWE-74 | 7.1 | High | 2023-12-06
CVE-2023-47168 | Open redirect in /oauth/<service>/mobile_login?redirect_to= | CWE-601 | 4.3 | Medium | 2023-11-27
CVE-2023-6202 | Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards | CWE-284 | 4.3 | Medium | 2023-11-27
CVE-2023-43754 | Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels | CWE-200 | 4.3 | Medium | 2023-11-27
CVE-2023-48369 | Log Flooding due to specially crafted requests in different endpoints | CWE-400 | 4.3 | Medium | 2023-11-27
CVE-2023-35075 | HTML injection via channel autocomplete | CWE-74 | 3.1 | Low | 2023-11-27
CVE-2023-40703 | Denial of Service via specially crafted block fields in Mattermost Boards | CWE-400 | 4.3 | Medium | 2023-11-27
CVE-2023-48268 | Denial of Service via Board Import Zip Bomb | CWE-400 | 4.3 | Medium | 2023-11-27
