
Mattermost: Vulnerabilities & Security Advisories (352)

All 352 CVEs recorded for Mattermost, with AI-generated Chinese analysis, references, and PoCs where available. The table below lists 30 of them, ordered by publication date (newest first).

Vendor: Mattermost

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-45223 | Users full name disclosure through Mattermost Boards with Show Full Name Option disabled | CWE-200 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-47865 | Username and Icon override can be used by members when Hardened Mode is enabled | CWE-284 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-5969 | Denial of Service via Link Preview in /api/v4/redirect_location | CWE-400 | 5.3 | Medium | 2023-11-06 |
| CVE-2023-5968 | Password hash in response body after username update | CWE-200 | 4.9 | Medium | 2023-11-06 |
| CVE-2023-5967 | Denial of Service via crashing the Calls Plugin | CWE-754 | 4.3 | Medium | 2023-11-06 |
| CVE-2023-5522 | Mobile app freezes when receiving a post with hundreds of emojis | CWE-400 | 4.3 | Medium | 2023-10-17 |
| CVE-2023-5339 | Mattermost Desktop logs all keystrokes during initial run after fresh installation | CWE-200 | 4.7 | Medium | 2023-10-17 |
| CVE-2023-5333 | Denial of Service via multiple identical User IDs in /api/v4/users/ids | CWE-400 | 4.3 | Medium | 2023-10-09 |
| CVE-2023-5331 | File Information Leak via IDOR in file_id in Draft Posts | CWE-862 | 4.3 | Medium | 2023-10-09 |
| CVE-2023-5330 | Denial of Service via Opengraph Data Cache | CWE-400 | 4.3 | Medium | 2023-10-09 |
| CVE-2023-5160 | Full name disclosure via team top membership with Show Full Name option disabled | CWE-200 | 4.3 | Medium | 2023-10-02 |
| CVE-2023-5194 | A system/user manager can demote / deactivate another manager | CWE-863 | 2.7 | Low | 2023-09-29 |
| CVE-2023-5195 | A team member can soft delete other teams that they are not part of | CWE-863 | 6.5 | Medium | 2023-09-29 |
| CVE-2023-5193 | System Role with manage posts permission can read posts of Direct Messages | CWE-863 | 4.9 | Medium | 2023-09-29 |
| CVE-2023-5196 | DoS via Channel Notification Properties | CWE-400 | 6.5 | Medium | 2023-09-29 |
| CVE-2023-5159 | A User Manager role with user edit permissions could manage/update bots | CWE-863 | 3.8 | Low | 2023-09-29 |
| CVE-2023-4478 | Parameter tampering in the registration resulting in blocked accounts to be created | CWE-74 | 4.3 | Medium | 2023-08-25 |
| CVE-2023-4108 | Audit logging fails to sanitize post metadata | CWE-532 | 4.5 | Medium | 2023-08-11 |
| CVE-2023-4107 | Incorrect authorization allows a user manager to update a system admin | CWE-863 | 6.7 | Medium | 2023-08-11 |
| CVE-2023-4106 | A guest user can perform various actions on public playbooks | CWE-862 | 6.3 | Medium | 2023-08-11 |
| CVE-2023-4105 | Attachment of deleted message in a thread remains accessible and downloadable | CWE-862 | 3.1 | Low | 2023-08-11 |
| CVE-2023-3593 | Server crash via a specially crafted markdown input | CWE-400 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-3614 | Denial of Service via specially crafted gif image | CWE-400 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-3591 | Lack of previous password reset tokens on new token creation | CWE-287 | 4.8 | Medium | 2023-07-17 |
| CVE-2023-3590 | Deleted attachments in Boards remain accessible | CWE-863 | 3.1 | Low | 2023-07-17 |
| CVE-2023-3587 | Inconsistent state in UI after boards permission change by system admin | CWE-862 | 2.7 | Low | 2023-07-17 |
| CVE-2023-3586 | Disabling publicly-shared boards does not disable existing publicly available board links | CWE-863 | 4.2 | Medium | 2023-07-17 |
| CVE-2023-3585 | Channel DoS by sharing a boards link | CWE-400 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-3584 | Member can create team with team override scheme | CWE-863 | 3.1 | Low | 2023-07-17 |
| CVE-2023-3582 | Lack of channel membership check when linking a board to a channel | CWE-863 | 4.3 | Medium | 2023-07-17 |
