Known Vulnerabilities for products from Mattermost
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mattermost".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
CVE | Shortened Description | Severity | Publish Date | Last Modified |
---|---|---|---|---|
CVE-2023-27266 | Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoin... | 2.7 - LOW | 2023-02-27 | 2023-02-27 |
CVE-2023-27265 | Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoin... | 2.7 - LOW | 2023-02-27 | 2023-02-27 |
CVE-2023-27264 | A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/pl... | 6.5 - MEDIUM | 2023-02-27 | 2023-02-27 |
CVE-2023-27263 | A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playb... | 6.5 - MEDIUM | 2023-02-27 | 2023-02-27 |
CVE-2023-1421 | A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to sen... | Not Provided | 2023-03-15 | 2023-03-15 |
CVE-2022-22122 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate of [CVE-20... | Not Provided | 2022-01-13 | 2022-02-02 |
CVE-2021-37867 | Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which ... | 4.3 - MEDIUM | 2022-01-18 | 2022-01-24 |
CVE-2021-37866 | Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Board... | 7.5 - HIGH | 2022-01-18 | 2022-02-03 |
CVE-2021-37865 | Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a... | 5.7 - MEDIUM | 2022-01-18 | 2022-01-24 |
CVE-2021-37864 | Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authentic... | 6.5 - MEDIUM | 2022-01-18 | 2022-10-27 |
CVE-2021-37863 | Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attacke... | 5.7 - MEDIUM | 2021-12-17 | 2021-12-21 |
CVE-2021-37862 | Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to tr... | 5.4 - MEDIUM | 2021-12-17 | 2021-12-27 |
CVE-2021-37861 | Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | 7.5 - HIGH | 2021-12-09 | 2021-12-13 |
CVE-2021-37860 | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to injec... | 6.1 - MEDIUM | 2021-09-22 | 2021-10-05 |
CVE-2021-37859 | Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | 6.1 - MEDIUM | 2021-08-05 | 2021-08-12 |
CVE-2020-14460 | An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth ap... | 6.5 - MEDIUM | 2020-06-19 | 2021-07-21 |
CVE-2020-14459 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direc... | 7.5 - HIGH | 2020-06-19 | 2020-06-19 |
CVE-2020-14458 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by n... | 7.5 - HIGH | 2020-06-19 | 2021-07-21 |
CVE-2020-14457 | An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_t... | 5.3 - MEDIUM | 2020-06-19 | 2021-07-21 |
CVE-2020-14456 | An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control de... | 7.3 - HIGH | 2020-06-19 | 2020-06-25 |
Known software with vulnerabilities from Mattermost
Type | Vendor | Product | Version |
---|---|---|---|
Application | Mattermost | Mattermost | - |
Application | Mattermost | Mattermost Desktop | 3.4.0 |
Application | Mattermost | Mattermost Mobile | 1.26.0 |
Application | Mattermost | Mattermost Packages | 5.16.3 |
Application | Mattermost | Mattermost Plugins | 5.13.0 |
Application | Mattermost | Mattermost Server | 0.5.0 |
Application | Mattermost | Server | 5.19.0 |

Mattermost
Mattermost is an open-source, self-hostable online chat service with file sharing, search, and integrations. It is designed as an internal chat for organisations and companies, and mostly markets itself as an open-source alternative to Slack and Microsoft Teams.