Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-5160 | Full name disclosure via team top membership with Show Full Name option disabled — Mattermost | CWE-200 | 4.3 | Medium | 2023-10-02 |
| CVE-2023-5194 | A system/user manager can demote / deactivate another manager — Mattermost | CWE-863 | 2.7 | Low | 2023-09-29 |
| CVE-2023-5195 | A team member can soft delete other teams that they are not part of — Mattermost | CWE-863 | 6.5 | Medium | 2023-09-29 |
| CVE-2023-5193 | System Role with manage posts permission can read posts of Direct Messages — Mattermost | CWE-863 | 4.9 | Medium | 2023-09-29 |
| CVE-2023-5196 | DoS via Channel Notification Properties — Mattermost | CWE-400 | 6.5 | Medium | 2023-09-29 |
| CVE-2023-5159 | A User Manager role with user edit permissions could manage/update bots — Mattermost | CWE-863 | 3.8 | Low | 2023-09-29 |
| CVE-2023-4478 | Parameter tampering in the registration resulting in blocked accounts to be created — Mattermost | CWE-74 | 4.3 | Medium | 2023-08-25 |
| CVE-2023-4108 | Audit logging fails to sanitize post metadata — Mattermost | CWE-532 | 4.5 | Medium | 2023-08-11 |
| CVE-2023-4107 | Incorrect authorization allows a user manager to update a system admin — Mattermost | CWE-863 | 6.7 | Medium | 2023-08-11 |
| CVE-2023-4106 | A guest user can perform various actions on public playbooks — Mattermost | CWE-862 | 6.3 | Medium | 2023-08-11 |
| CVE-2023-4105 | Attachment of deleted message in a thread remains accessible and downloadable — Mattermost | CWE-862 | 3.1 | Low | 2023-08-11 |
| CVE-2023-3593 | Server crash via a specially crafted markdown input — Mattermost | CWE-400 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-3615 | Lack of server certificate validation in websockets connection — Mattermost iOS app | CWE-295 | 8.1 | High | 2023-07-17 |
| CVE-2023-3614 | Denial of Service via specially crafted gif image — Mattermost | CWE-400 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-3613 | Guest accounts invited and added to channels by Welcomebot plugin — Mattermost Plugins | CWE-863 | 3.5 | Low | 2023-07-17 |
| CVE-2023-3591 | Lack of previous password reset tokens on new token creation — Mattermost | CWE-287 | 4.8 | Medium | 2023-07-17 |
| CVE-2023-3590 | Deleted attachments in Boards remain accessible — Mattermost | CWE-863 | 3.1 | Low | 2023-07-17 |
| CVE-2023-3587 | Inconsistent state in UI after boards permission change by system admin — Mattermost | CWE-862 | 2.7 | Low | 2023-07-17 |
| CVE-2023-3586 | Disabling publicly-shared boards does not disable existing publicly available board links — Mattermost | CWE-863 | 4.2 | Medium | 2023-07-17 |
| CVE-2023-3585 | channel DoS by sharing a boards link — Mattermost | CWE-400 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-3584 | Member can create team with team override scheme — Mattermost | CWE-863 | 3.1 | Low | 2023-07-17 |
| CVE-2023-3582 | Lack of channel membership check when linking a board to a channel — Mattermost | CWE-863 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-3581 | WebSockets accept connections from HTTPS origin — Mattermost | CWE-346 | 6.2 | Medium | 2023-07-17 |
| CVE-2023-3577 | Limited blind SSRF to localhost/intranet in interactive dialog implementation — Mattermost | CWE-918 | 3.5 | Low | 2023-07-17 |
| CVE-2023-2785 | Specially crafted search query can cause large log entries in postgres — Mattermost | CWE-400 | 4.3 | Medium | 2023-06-16 |
| CVE-2023-2831 | Denial of Service while unescaping a Markdown string — Mattermost | CWE-400 | 4.3 | Medium | 2023-06-16 |
| CVE-2023-2797 | Path traversal in GitHub plugin's code preview feature — Mattermost Github Plugin | CWE-74 | 3.1 | Low | 2023-06-16 |
| CVE-2023-2793 | Stack exhaustion in PreparePostForClientWithEmbedsAndImages — Mattermost | CWE-400 | 6.5 | Medium | 2023-06-16 |
| CVE-2023-2792 | Ephemeral messages return private channel contents in permalink previews — Mattermost | CWE-200 | 6.5 | Medium | 2023-06-16 |
| CVE-2023-2791 | Playbooks lets you edit arbitrary posts — Mattermost | CWE-862 | 4.3 | Medium | 2023-06-16 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.