
Mattermost — Vulnerabilities & Security Advisories 388

All 388 CVE vulnerabilities found in Mattermost, with AI-generated Chinese analysis, references, and POCs.

This page aggregates the security vulnerabilities and weaknesses disclosed for the open-source Mattermost platform developed by Mattermost, Inc. It catalogs and classifies flaws that may affect the confidentiality, integrity, or availability of self-hosted or cloud-deployed instances of this communication software. The entries span the platform's disclosed history, from early releases to the most recent updates, and are consolidated from authoritative sources including Common Weakness Enumeration (CWE) entries, Common Vulnerabilities and Exposures (CVE) records, and vendor security advisories, giving a view of Mattermost's security posture over time. Critical, high, medium, and low-severity findings are all included, so the list forms a complete timeline of publicly known defects and configuration errors. From it, readers can track how quickly the vendor ships patches for newly disclosed issues, see which weakness classes recur in this type of application (for example cross-site scripting or improper access control), and review the product's vulnerability history to assess long-term stability and prioritize remediation based on past trends. This supports informed decisions by the system administrators and security professionals responsible for keeping communication environments secure.

Vendor: Mattermost

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-28053 | Resource Exhaustion via the Invitation Feature | CWE-400 | 3.1 | Low | 2024-03-15 |
| CVE-2024-1953 | Mattermost security vulnerability | CWE-400 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1952 | Mattermost security vulnerability | CWE-200 | 3.1 | Low | 2024-02-29 |
| CVE-2024-1949 | Mattermost security vulnerability | CWE-200 | 2.6 | Low | 2024-02-29 |
| CVE-2024-1942 | Mattermost security vulnerability | CWE-284 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1888 | Existing server guests invited to the team by members without "invite_guest" permission | CWE-284 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-24988 | Excessive resource consumption when sending long emoji names in user custom status | CWE-400 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1887 | Public channel post content accessible without membership when compliance export is enabled | CWE-284 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-23488 | Files of archived channels accessible with the "Allow users to view archived channels" option disabled | CWE-284 | 3.1 | Low | 2024-02-29 |
| CVE-2024-23493 | Team associated AD/LDAP Groups Leaked due to missing authorization | CWE-200 | 4.3 | Medium | 2024-02-29 |
| CVE-2024-1402 | Denial of service in mattermost mobile apps and server via emoji reactions | CWE-400 | 4.3 | Medium | 2024-02-09 |
| CVE-2024-24776 | Incorrect Authorization leads to Channel Member Count Leak | CWE-284 | 3.1 | Low | 2024-02-09 |
| CVE-2024-24774 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) | CWE-863 | 3.4 | Low | 2024-02-09 |
| CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) | CWE-352 | 3.5 | Low | 2024-02-09 |
| CVE-2023-47858 | Details of archived public channels are leaked to members of another team | CWE-284 | 4.3 | Medium | 2024-01-02 |
| CVE-2023-50333 | Lack of restriction to manage group names for freshly demoted guests | CWE-284 | 3.7 | Low | 2024-01-02 |
| CVE-2023-48732 | Keywords that trigger mentions are leaked to other users | CWE-200 | 4.3 | Medium | 2024-01-02 |
| CVE-2023-7114 | Mattermost security vulnerability | CWE-74 | 7.1 | High | 2023-12-29 |
| CVE-2023-7113 | Mattermost security vulnerability | CWE-79 | 3.7 | Low | 2023-12-29 |
| CVE-2023-6727 | Leak Inaccessible Playbook Information via Channel Action IDOR | CWE-200 | 3.1 | Low | 2023-12-12 |
| CVE-2023-45316 | Reflected client side path traversal leading to CSRF in Playbooks | CWE-352 | 7.3 | High | 2023-12-12 |
| CVE-2023-6547 | Playbooks access/modification by removed team member | CWE-284 | 3.7 | Low | 2023-12-12 |
| CVE-2023-49607 | Playbook plugin crash via missing interface type assertion | CWE-754 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-49809 | Todo plugin gets crashed and disabled by member | CWE-400 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-46701 | Inaccessible Post Information Leak via Run Timeline IDOR | CWE-200 | 6.5 | Medium | 2023-12-12 |
| CVE-2023-49874 | IDOR when updating the tasks of a private playbook run | CWE-284 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-45847 | Playbook Plugin Crash via Run Checklist | CWE-400 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-6459 | Public endpoint /metrics of Calls plugin reveals channel IDs | CWE-200 | 5.3 | Medium | 2023-12-06 |
| CVE-2023-6458 | Client side path traversal due to lack of route parameters validation | CWE-74 | 7.1 | High | 2023-12-06 |
| CVE-2023-47168 | Open redirect in /oauth/<service>/mobile_login?redirect_to= | CWE-601 | 4.3 | Medium | 2023-11-27 |
