Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-39839 | Remote username set to an arbitrary string by remote user — Mattermost | CWE-284 | 4.3 | Medium | 2024-08-01 |
| CVE-2024-39837 | Malicious remote can create arbitrary channels — Mattermost | CWE-284 | 3.8 | Low | 2024-08-01 |
| CVE-2024-39832 | Permanently local data deletion by malicious remote — Mattermost | CWE-754 | 6.8 | Medium | 2024-08-01 |
| CVE-2024-39777 | Malicious remote can invite itself to an arbitrary local channel — Mattermost | CWE-284 | 8.7 | High | 2024-08-01 |
| CVE-2024-39274 | Malicious remote can add users to arbitrary teams and channels — Mattermost | CWE-284 | 8.7 | High | 2024-08-01 |
| CVE-2024-36492 | Existing local user overwritten by malicious remote — Mattermost | CWE-284 | 7.4 | High | 2024-08-01 |
| CVE-2024-29977 | Malicious remote can create arbitrary reactions on arbitrary posts — Mattermost | CWE-284 | 2.7 | Low | 2024-08-01 |
| CVE-2024-39767 | Spoofed push notifications from malicious server — Mattermost | CWE-287 | 4.2 | Medium | 2024-07-15 |
| CVE-2024-32945 | LaTeX post content manipulation via renderer state leak across contexts — Mattermost | CWE-909 | 2.6 | Low | 2024-07-15 |
| CVE-2024-6428 | Limited DoS due to permitting creating users with user-defined IDs — Mattermost | CWE-284 | 5.3 | Medium | 2024-07-03 |
| CVE-2024-39353 | RemoteClusterFrame payloads are audit logged in full — Mattermost | CWE-200 | 2.7 | Low | 2024-07-03 |
| CVE-2024-39361 | Creating posts with user-defined IDs permitted in CreatePost API — Mattermost | CWE-284 | 3.1 | Low | 2024-07-03 |
| CVE-2024-39830 | Timing attack during remote cluster token comparison when shared channels are enabled — Mattermost | CWE-287 | 8.1 | High | 2024-07-03 |
| CVE-2024-39807 | Channel IDs of archived/restored channels leaked via webhook events — Mattermost | CWE-200 | 3.1 | Low | 2024-07-03 |
| CVE-2024-36257 | Lack of permission check when updating the profile picture of a remote user (shared channels enabled) — Mattermost | CWE-284 | 2.7 | Low | 2024-07-03 |
| CVE-2024-37182 | Lack of permissions prompting when opening external URLs — Mattermost | CWE-693 | 4.7 | Medium | 2024-06-14 |
| CVE-2024-36287 | Bypass of TCC restrictions on macOS — Mattermost | CWE-693 | 3.8 | Low | 2024-06-14 |
| CVE-2024-29215 | Slash commands run in channel without channel membership via playbook task commands — Mattermost | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-36255 | Post actions can run playbook checklist task commands — Mattermost | CWE-352 | 5.7 | Medium | 2024-05-26 |
| CVE-2024-36241 | /playbook add slash command allows viewing arbitrary post contents — Mattermost | CWE-284 | 3.1 | Low | 2024-05-26 |
| CVE-2024-31859 | Member promoted to channel admin via playbooks run linking to channel — Mattermost | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-5270 | SAML to email switch possible when email signin is disabled — Mattermost | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-5272 | Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated" — Mattermost | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-32045 | Playbook run link to private channel grants channel access — Mattermost | CWE-284 | 5.9 | Medium | 2024-05-26 |
| CVE-2024-34152 | Playbook Run Metadata leak to Guest — Mattermost | CWE-284 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-34029 | AD/LDAP Group Members Leak — Mattermost | CWE-200 | 4.3 | Medium | 2024-05-26 |
| CVE-2024-4198 | Mattermost security vulnerability — Mattermost | CWE-284 | 2.7 | Low | 2024-04-26 |
| CVE-2024-4195 | Mattermost security vulnerability — Mattermost | CWE-284 | 2.7 | Low | 2024-04-26 |
| CVE-2024-4183 | Mattermost security vulnerability — Mattermost | CWE-400 | 4.3 | Medium | 2024-04-26 |
| CVE-2024-4182 | Mattermost security vulnerability — Mattermost | CWE-754 | 4.3 | Medium | 2024-04-26 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.