Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-36250 | MFA Code Replay — Mattermost | CWE-303 | 3.1 | Low | 2024-11-09 |
| CVE-2024-42000 | Unauthorized Access to view channels' details — Mattermost | CWE-863 | 2.7 | Low | 2024-11-09 |
| CVE-2024-46872 | Client-Side Path Traversal Leading to CSRF in Playbooks — Mattermost | CWE-352 | 4.6 | Medium | 2024-10-29 |
| CVE-2024-47401 | DoS via Amplified GraphQL Response in Playbooks — Mattermost | CWE-770 | 4.3 | Medium | 2024-10-29 |
| CVE-2024-50052 | Arbitrary post deletion via Playbooks /ignore-thread endpoint — Mattermost | CWE-862 | 4.3 | Medium | 2024-10-29 |
| CVE-2024-10241 | Private channel names leaked with Ctrl+K when ElasticSearch is enabled — Mattermost | CWE-284 | 4.3 | Medium | 2024-10-29 |
| CVE-2024-10214 | Incorrect Session Creation with Desktop SSO — Mattermost | CWE-303 | 3.5 | Low | 2024-10-28 |
| CVE-2024-9155 | Insufficient Authorization On Unlinked Channel Files — Mattermost | CWE-863 | 4.3 | Medium | 2024-09-26 |
| CVE-2024-47003 | DoS via non-string message using permalink embed — Mattermost | CWE-400 | 3.1 | Low | 2024-09-26 |
| CVE-2024-42406 | Unauthorized access on archived channels — Mattermost | CWE-284 | 5.4 | Medium | 2024-09-26 |
| CVE-2024-45843 | Weak SSRF Filtering — Mattermost | CWE-918 | 3.1 | Low | 2024-09-26 |
| CVE-2024-47145 | Unauthorized access on archived channels via file links — Mattermost | CWE-284 | 3.1 | Low | 2024-09-26 |
| CVE-2024-45835 | Insufficient Electron Fuses Configuration — Mattermost | CWE-693 | 2.5 | Low | 2024-09-16 |
| CVE-2024-39772 | Silent Desktop Screenshot Capture — Mattermost | CWE-284 | 3.7 | Low | 2024-09-16 |
| CVE-2024-45833 | Mobile password gets saved in dictionary under conditions — Mattermost | CWE-693 | 4.5 | Medium | 2024-09-16 |
| CVE-2024-39613 | RCE in desktop app in Windows by local attacker — Mattermost | CWE-427 | 5.3 | Medium | 2024-09-16 |
| CVE-2024-43105 | Excessive Resource Consumption via `/export` — Mattermost | CWE-400 | 4.3 | Medium | 2024-08-23 |
| CVE-2024-43780 | Unauthorized channel file upload — Mattermost | CWE-284 | 4.3 | Medium | 2024-08-22 |
| CVE-2024-40884 | Unauthorized disabling of invite URL — Mattermost | CWE-284 | 2.7 | Low | 2024-08-22 |
| CVE-2024-42497 | Insufficient permissions checks on teams — Mattermost | CWE-284 | 6.0 | Medium | 2024-08-22 |
| CVE-2024-8071 | System Role with edit access to permissions can elevate themselves to system admin — Mattermost | CWE-284 | 4.7 | Medium | 2024-08-22 |
| CVE-2024-42411 | User creation date manipulation in POST /api/v4/users — Mattermost | CWE-754 | 5.3 | Medium | 2024-08-22 |
| CVE-2024-40886 | One-click Client-Side Path Traversal Leading to CSRF in User Management admin page — Mattermost | CWE-352 | 4.6 | Medium | 2024-08-22 |
| CVE-2024-43813 | IDOR when marking read a user's channel — Mattermost | CWE-284 | 4.3 | Medium | 2024-08-22 |
| CVE-2024-39810 | Server crash via Elasticsearch certificate file — Mattermost | CWE-400 | 4.9 | Medium | 2024-08-22 |
| CVE-2024-32939 | Email addresses of remote users visible in props regardless of server settings — Mattermost | CWE-284 | 4.3 | Medium | 2024-08-22 |
| CVE-2024-39836 | Munged email address used for password resets and notifications — Mattermost | CWE-693 | 4.8 | Medium | 2024-08-22 |
| CVE-2024-41926 | Malicious remote can claim that a user was synced from another remote — Mattermost | CWE-284 | 2.7 | Low | 2024-08-01 |
| CVE-2024-41162 | Malicious remote can make an arbitrary local channel read-only — Mattermost | CWE-284 | 4.1 | Medium | 2024-08-01 |
| CVE-2024-41144 | Malicious remote can create/update/delete arbitrary posts in arbitrary channels — Mattermost | CWE-284 | 5.5 | Medium | 2024-08-01 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.