Mattermost — Vulnerabilities & Security Advisories 352

All 352 CVE vulnerabilities found in Mattermost, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mattermost

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-36287 | Bypass of TCC restrictions on macOS | CWE-693 | 3.8 | Low | 2024-06-14 |
| CVE-2024-29215 | Slash commands run in channel without channel membership via playbook task commands | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-36255 | Post actions can run playbook checklist task commands | CWE-352 | 5.7 | Medium | 2024-05-26 |
| CVE-2024-36241 | /playbook add slash command allows viewing arbitrary post contents | CWE-284 | 3.1 | Low | 2024-05-26 |
| CVE-2024-31859 | Member promoted to channel admin via playbooks run linking to channel | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-5270 | SAML to email switch possible when email signin is disabled | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-5272 | Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated" | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-32045 | Playbook run link to private channel grants channel access | CWE-284 | 5.9 | Medium | 2024-05-26 |
| CVE-2024-34152 | Playbook Run Metadata leak to Guest | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-34029 | AD/LDAP Group Members Leak | CWE-200 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-4198 | Mattermost security vulnerability | CWE-284 | 2.7 | Low | 2024-04-26 |
| CVE-2024-4195 | Mattermost security vulnerability | CWE-284 | 2.7 | Low | 2024-04-26 |
| CVE-2024-4183 | Mattermost security vulnerability | CWE-400 | 4.3 | Medium | 2024-04-26 |
| CVE-2024-4182 | Mattermost security vulnerability | CWE-754 | 4.3 | Medium | 2024-04-26 |
| CVE-2024-32046 | Detailed error discloses full file path with dev mode off | CWE-200 | 4.3 | Medium | 2024-04-26 |
| CVE-2024-22091 | Excessive resource consumption due to lack to request path size limits | CWE-400 | 3.1 | Low | 2024-04-26 |
| CVE-2024-3872 | Mattermost Mobile Apps security vulnerability | CWE-400 | 3.1 | Low | 2024-04-16 |
| CVE-2024-2447 | Mattermost security vulnerability | CWE-284 | 6.5 | Medium | 2024-04-05 |
| CVE-2024-29221 | Invite ID available to team admins even without the "Add Members" permission | CWE-284 | 4.7 | Medium | 2024-04-05 |
| CVE-2024-28949 | DoS via a large number of User Preferences | CWE-400 | 4.3 | Medium | 2024-04-05 |
| CVE-2024-21848 | Users maintain access to active call after being removed from a channel | CWE-284 | 3.1 | Low | 2024-04-05 |
| CVE-2024-2445 | Reflected XSS in Mattermost Jira plugin | CWE-74 | 6.1 | Medium | 2024-03-15 |
| CVE-2024-2450 | Mattermost security vulnerability | CWE-287 | 8.8 | High | 2024-03-15 |
| CVE-2024-2446 | Mattermost security vulnerability | CWE-400 | 4.3 | Medium | 2024-03-15 |
| CVE-2024-28053 | Resource Exhaustion via the Invitation Feature | CWE-400 | 3.1 | Low | 2024-03-15 |
| CVE-2024-1953 | Mattermost security vulnerability | CWE-400 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1952 | Mattermost security vulnerability | CWE-200 | 3.1 | Low | 2024-02-29 |
| CVE-2024-1949 | Mattermost security vulnerability | CWE-200 | 2.6 | Low | 2024-02-29 |
| CVE-2024-1942 | Mattermost security vulnerability | CWE-284 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1888 | Existing server guests invited to the team by members without "invite_guest" permission | CWE-284 | 4.3 | Medium | 2024-02-29 |

All 352 known CVE vulnerabilities affecting Mattermost with full Chinese analysis, references, and POCs where available.