Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-2366 | Incorrect defaults can cause attackers to bypass rate limitations | Mattermost | CWE-276 | 5.6 | Medium | 2022-07-11 |
| CVE-2022-1982 | A crafted SVG attachment can crash a Mattermost server | Mattermost | CWE-400 | 4.3 | Medium | 2022-06-02 |
| CVE-2022-1548 | Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins. | Mattermost Playbooks | CWE-264 | 3.7 | Low | 2022-05-03 |
| CVE-2022-1384 | Authorized users are allowed to install old plugin versions from the Marketplace | Mattermost | CWE-477 | 4.7 | Medium | 2022-04-19 |
| CVE-2022-1385 | Invitation Email is resent as a Reminder after invalidating pending email invites | Mattermost | CWE-664 | 3.7 | Low | 2022-04-19 |
| CVE-2022-1332 | Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents | Mattermost | CWE-200 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1333 | A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service | Mattermost Playbooks | CWE-770 | 3.5 | Low | 2022-04-13 |
| CVE-2022-1337 | OOM DoS in Mattermost image proxy | Mattermost | CWE-400 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1002 | HTML Injection while inviting Guests | Mattermost | CWE-80 | 2.0 | Low | 2022-03-18 |
| CVE-2022-1003 | Sysadmin can override existing configs & bypass restrictions like EnableUploads | Mattermost | CWE-268 | 3.3 | Low | 2022-03-18 |
| CVE-2022-0904 | Stack overflow in document extractor in Mattermost | Mattermost | | 4.3 | Medium | 2022-03-09 |
| CVE-2022-0903 | Stack overflow in SAML login in Mattermost | Mattermost | | 5.3 | Medium | 2022-03-09 |
| CVE-2022-0708 | Team Creator's Email Address is disclosed to Team Members via one of the APIs | Mattermost | CWE-200 | 4.3 | Medium | 2022-02-21 |
| CVE-2021-37864 | Users can view the contents of an archived channel when access is explicitly denied by the system admin | Mattermost | CWE-284 | 2.6 | Low | 2022-01-18 |
| CVE-2021-37867 | Emails of all users are exposed via one of the Boards APIs | Mattermost Boards | CWE-200 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-37866 | Session is not invalidated on server-side when user logged out of Boards | Mattermost Boards | CWE-613 | 4.7 | Medium | 2022-01-18 |
| CVE-2021-37865 | Server-side Denial of Service while processing a specifically crafted GIF file | Mattermost | CWE-400 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-37863 | Mattermost input validation error vulnerability | Mattermost | CWE-20 | 3.5 | Low | 2021-12-17 |
| CVE-2021-37862 | Mattermost code issue vulnerability | Mattermost | CWE-754 | 3.7 | Low | 2021-12-17 |
| CVE-2021-37861 | Mattermost log information disclosure vulnerability | Mattermost | CWE-532 | 5.8 | Medium | 2021-12-09 |
| CVE-2021-37860 | Mattermost cross-site scripting vulnerability | Mattermost | CWE-79 | 3.7 | Low | 2021-09-22 |
| CVE-2021-37859 | Reflected XSS in OAuth Flow | Mattermost | CWE-79 | 7.1 | High | 2021-08-05 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.