Mattermost — Vulnerabilities & Security Advisories (382)

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-32046 | Detailed error discloses full file path with dev mode off | Mattermost | CWE-200 | 4.3 | Medium | 2024-04-26 |
| CVE-2024-22091 | Excessive resource consumption due to lack to request path size limits | Mattermost | CWE-400 | 3.1 | Low | 2024-04-26 |
| CVE-2024-3872 | Mattermost Mobile Apps security vulnerability | Mattermost | CWE-400 | 3.1 | Low | 2024-04-16 |
| CVE-2024-2447 | Mattermost security vulnerability | Mattermost | CWE-284 | 6.5 | Medium | 2024-04-05 |
| CVE-2024-29221 | Invite ID available to team admins even without the "Add Members" permission | Mattermost | CWE-284 | 4.7 | Medium | 2024-04-05 |
| CVE-2024-28949 | DoS via a large number of User Preferences | Mattermost | CWE-400 | 4.3 | Medium | 2024-04-05 |
| CVE-2024-21848 | Users maintain access to active call after being removed from a channel | Mattermost | CWE-284 | 3.1 | Low | 2024-04-05 |
| CVE-2024-2445 | Reflected XSS in Mattermost Jira plugin | Mattermost | CWE-74 | 6.1 | Medium | 2024-03-15 |
| CVE-2024-2450 | Mattermost security vulnerability | Mattermost | CWE-287 | 8.8 | High | 2024-03-15 |
| CVE-2024-2446 | Mattermost security vulnerability | Mattermost | CWE-400 | 4.3 | Medium | 2024-03-15 |
| CVE-2024-28053 | Resource Exhaustion via the Invitation Feature | Mattermost | CWE-400 | 3.1 | Low | 2024-03-15 |
| CVE-2024-24975 | Denial of Service for mobile app users due to automatic code highlighting | Mattermost Mobile | CWE-400 | 3.5 | Low | 2024-03-15 |
| CVE-2024-1953 | Mattermost security vulnerability | Mattermost | CWE-400 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1952 | Mattermost security vulnerability | Mattermost | CWE-200 | 3.1 | Low | 2024-02-29 |
| CVE-2024-1949 | Mattermost security vulnerability | Mattermost | CWE-200 | 2.6 | Low | 2024-02-29 |
| CVE-2024-1942 | Mattermost security vulnerability | Mattermost | CWE-284 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1888 | Existing server guests invited to the team by members without "invite_guest" permission | Mattermost | CWE-284 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-24988 | Excessive resource consumption when sending long emoji names in user custom status | Mattermost | CWE-400 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1887 | Public channel post content accessible without membership when compliance export is enabled | Mattermost | CWE-284 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-23488 | Files of archived channels accessible with the “Allow users to view archived channels” option disabled | Mattermost | CWE-284 | 3.1 | Low | 2024-02-29 |
| CVE-2024-23493 | Team associated AD/LDAP Groups Leaked due to missing authorization | Mattermost | CWE-200 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1402 | Denial of service in mattermost mobile apps and server via emoji reactions | Mattermost | CWE-400 | 4.3 | Medium | 2024-02-09 |
| CVE-2024-24776 | Incorrect Authorization leads to Channel Member Count Leak | Mattermost | CWE-284 | 3.1 | Low | 2024-02-09 |
| CVE-2024-24774 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) | Mattermost | CWE-863 | 3.4 | Low | 2024-02-09 |
| CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) | Mattermost | CWE-352 | 3.5 | Low | 2024-02-09 |
| CVE-2023-47858 | Details of archived public channels are leaked to members of another team | Mattermost | CWE-284 | 4.3 | Medium | 2024-01-02 |
| CVE-2023-50333 | Lack of restriction to manage group names for freshly demoted guests | Mattermost | CWE-284 | 3.7 | Low | 2024-01-02 |
| CVE-2023-48732 | Keywords that trigger mentions are leaked to other users | Mattermost | CWE-200 | 4.3 | Medium | 2024-01-02 |
| CVE-2023-7114 | Mattermost security vulnerability | Mattermost | CWE-74 | 7.1 | High | 2023-12-29 |
| CVE-2023-7113 | Mattermost security vulnerability | Mattermost | CWE-79 | 3.7 | Low | 2023-12-29 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.