Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-6727 | Leak Inaccessible Playbook Information via Channel Action IDOR — Mattermost | CWE-200 | 3.1 | Low | 2023-12-12 |
| CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks — Mattermost | CWE-352 | 7.3 | High | 2023-12-12 |
| CVE-2023-6547 | Playbooks access/modification by removed team member — Mattermost | CWE-284 | 3.7 | Low | 2023-12-12 |
| CVE-2023-49607 | Playbook plugin crash via missing interface type assertion — Mattermost | CWE-754 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-49809 | Todo plugin gets crashed and disabled by member — Mattermost | CWE-400 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-46701 | Inaccessible Post Information Leak via Run Timeline IDOR — Mattermost | CWE-200 | 6.5 | Medium | 2023-12-12 |
| CVE-2023-49874 | IDOR when updating the tasks of a private playbook run — Mattermost | CWE-284 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-45847 | Playbook Plugin Crash via Run Checklist — Mattermost | CWE-400 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-6459 | Public endpoint /metrics of Calls plugin reveals channel IDs — Mattermost | CWE-200 | 5.3 | Medium | 2023-12-06 |
| CVE-2023-6458 | Client side path traversal due to lack of route parameters validation — Mattermost | CWE-74 | 7.1 | High | 2023-12-06 |
| CVE-2023-47168 | Open redirect in /oauth/<service>/mobile_login?redirect_to= — Mattermost | CWE-601 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-6202 | Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards — Mattermost | CWE-284 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-43754 | Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels — Mattermost | CWE-200 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-48369 | Log Flooding due to specially crafted requests in different endpoints — Mattermost | CWE-400 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-35075 | HTML injection via channel autocomplete — Mattermost | CWE-74 | 3.1 | Low | 2023-11-27 |
| CVE-2023-40703 | Denial of Service via specially crafted block fields in Mattermost Boards — Mattermost | CWE-400 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-48268 | Denial of Service via Board Import Zip Bomb — Mattermost | CWE-400 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-45223 | Users full name disclosure through Mattermost Boards with Show Full Name Option disabled — Mattermost | CWE-200 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-47865 | Username and Icon override can be used by members when Hardened Mode is enabled — Mattermost | CWE-284 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-5969 | Denial of Service via Link Preview in /api/v4/redirect_location — Mattermost | CWE-400 | 5.3 | Medium | 2023-11-06 |
| CVE-2023-5968 | Password hash in response body after username update — Mattermost | CWE-200 | 4.9 | Medium | 2023-11-06 |
| CVE-2023-5967 | Denial of Service via crashing the Calls Plugin — Mattermost | CWE-754 | 4.3 | Medium | 2023-11-06 |
| CVE-2023-5920 | Lack Of Secure Keyboard Entry Protection in MacOS Desktop — Mattermost Desktop | CWE-200 | 2.9 | Low | 2023-11-02 |
| CVE-2023-5875 | Lack of Hardening against media exploitation from a remote origin — Mattermost Desktop | CWE-693 | 3.7 | Low | 2023-11-02 |
| CVE-2023-5876 | Regex DoS from a malicious server enrolled in Desktop — Mattermost Desktop | CWE-400 | 3.1 | Low | 2023-11-02 |
| CVE-2023-5522 | Mobile app freezes when receiving a post with hundreds of emojis — Mattermost | CWE-400 | 4.3 | Medium | 2023-10-17 |
| CVE-2023-5339 | Mattermost Desktop logs all keystrokes during initial run after fresh installation — Mattermost | CWE-200 | 4.7 | Medium | 2023-10-17 |
| CVE-2023-5333 | Denial of Service via multiple identical User IDs in /api/v4/users/ids — Mattermost | CWE-400 | 4.3 | Medium | 2023-10-09 |
| CVE-2023-5331 | File Information Leak via IDOR in file_id in Draft Posts — Mattermost | CWE-862 | 4.3 | Medium | 2023-10-09 |
| CVE-2023-5330 | Denial of Service via Opengraph Data Cache — Mattermost | CWE-400 | 4.3 | Medium | 2023-10-09 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.