
Mattermost — Vulnerabilities & Security Advisories 406

All 406 CVE vulnerabilities found in Mattermost, with AI-generated Chinese analysis, references, and POCs.

This page aggregates common vulnerabilities and exposures associated with Mattermost, an open-source, self-hosted collaboration platform designed for secure team communication. It collects security data focusing on issues that allow unauthorized access, privilege escalation, and potential denial of service within the application or its underlying infrastructure. The data covers advisories and reported incidents from January 2020 through the present, ensuring a comprehensive view of the product's evolving security landscape. By utilizing this resource, users can efficiently track vendor advisories to stay informed about critical patches and configuration changes recommended by the Mattermost team. The structured presentation allows developers and security analysts to understand the prevalence and impact of specific weakness classes within the Mattermost ecosystem, facilitating better risk assessment and mitigation strategies. Furthermore, individuals can look up a product's vulnerability history to identify recurring patterns or persistent flaws that may require architectural adjustments or enhanced monitoring. This centralized view supports compliance efforts and helps teams prioritize remediation tasks based on the severity and relevance of past incidents. The goal is to provide transparency and actionable intelligence, enabling organizations to maintain the integrity and confidentiality of their communication channels against known threats.

Vendor: Mattermost

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-1384 | Authorized users are allowed to install old plugin versions from the Marketplace | CWE-477 | 4.7 | Medium | 2022-04-19 |
| CVE-2022-1385 | Invitation Email is resent as a Reminder after invalidating pending email invites | CWE-664 | 3.7 | Low | 2022-04-19 |
| CVE-2022-1332 | Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents | CWE-200 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1337 | OOM DoS in Mattermost image proxy | CWE-400 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1002 | HTML Injection while inviting Guests | CWE-80 | 2.0 | Low | 2022-03-18 |
| CVE-2022-1003 | Sysadmin can override existing configs & bypass restrictions like EnableUploads | CWE-268 | 3.3 | Low | 2022-03-18 |
| CVE-2022-0904 | Stack overflow in document extractor in Mattermost | | 4.3 | Medium | 2022-03-09 |
| CVE-2022-0903 | Stack overflow in SAML login in Mattermost | | 5.3 | Medium | 2022-03-09 |
| CVE-2022-0708 | Team Creator's Email Address is disclosed to Team Members via one of the APIs | CWE-200 | 4.3 | Medium | 2022-02-21 |
| CVE-2021-37864 | Users can view the contents of an archived channel when access is explicitly denied by the system admin | CWE-284 | 2.6 | Low | 2022-01-18 |
| CVE-2021-37865 | Server-side Denial of Service while processing a specifically crafted GIF file | CWE-400 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-37863 | Mattermost input validation error vulnerability | CWE-20 | 3.5 | Low | 2021-12-17 |
| CVE-2021-37862 | Mattermost code issue vulnerability | CWE-754 | 3.7 | Low | 2021-12-17 |
| CVE-2021-37861 | Mattermost log information disclosure vulnerability | CWE-532 | 5.8 | Medium | 2021-12-09 |
| CVE-2021-37860 | Mattermost cross-site scripting vulnerability | CWE-79 | 3.7 | Low | 2021-09-22 |
| CVE-2021-37859 | Reflected XSS in OAuth Flow | CWE-79 | 7.1 | High | 2021-08-05 |
