
Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mattermost is an open-source, self-hosted messaging platform designed primarily for secure team communication and collaboration within enterprise environments. With 382 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insufficient access controls within its web interface and API layers. While the platform emphasizes data sovereignty through self-hosting, its extensive vulnerability history highlights the risks associated with complex, feature-rich applications. Security incidents have occasionally involved unauthorized data access or service disruption, underscoring the necessity for rigorous patch management and configuration hardening. Organizations deploying this solution must prioritize regular updates and continuous monitoring to mitigate the inherent risks associated with its large attack surface and frequent exposure to newly discovered exploits.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-2366 | Incorrect defaults can cause attackers to bypass rate limitations | Mattermost | CWE-276 | 5.6 | Medium | 2022-07-11 |
| CVE-2022-1982 | A crafted SVG attachment can crash a Mattermost server | Mattermost | CWE-400 | 4.3 | Medium | 2022-06-02 |
| CVE-2022-1548 | Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins | Mattermost Playbooks | CWE-264 | 3.7 | Low | 2022-05-03 |
| CVE-2022-1384 | Authorized users are allowed to install old plugin versions from the Marketplace | Mattermost | CWE-477 | 4.7 | Medium | 2022-04-19 |
| CVE-2022-1385 | Invitation email is resent as a reminder after invalidating pending email invites | Mattermost | CWE-664 | 3.7 | Low | 2022-04-19 |
| CVE-2022-1332 | Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents | Mattermost | CWE-200 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1333 | A specifically drafted Playbook could trigger a large number of webhook requests, leading to Denial of Service | Mattermost Playbooks | CWE-770 | 3.5 | Low | 2022-04-13 |
| CVE-2022-1337 | OOM DoS in Mattermost image proxy | Mattermost | CWE-400 | 4.3 | Medium | 2022-04-13 |
| CVE-2022-1002 | HTML injection while inviting Guests | Mattermost | CWE-80 | 2.0 | Low | 2022-03-18 |
| CVE-2022-1003 | Sysadmin can override existing configs and bypass restrictions like EnableUploads | Mattermost | CWE-268 | 3.3 | Low | 2022-03-18 |
| CVE-2022-0904 | Stack overflow in document extractor in Mattermost | Mattermost | | 4.3 | Medium | 2022-03-09 |
| CVE-2022-0903 | Stack overflow in SAML login in Mattermost | Mattermost | | 5.3 | Medium | 2022-03-09 |
| CVE-2022-0708 | Team creator's email address is disclosed to team members via one of the APIs | Mattermost | CWE-200 | 4.3 | Medium | 2022-02-21 |
| CVE-2021-37864 | Users can view the contents of an archived channel when access is explicitly denied by the system admin | Mattermost | CWE-284 | 2.6 | Low | 2022-01-18 |
| CVE-2021-37867 | Emails of all users are exposed via one of the Boards APIs | Mattermost Boards | CWE-200 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-37866 | Session is not invalidated on the server side when a user logs out of Boards | Mattermost Boards | CWE-613 | 4.7 | Medium | 2022-01-18 |
| CVE-2021-37865 | Server-side Denial of Service while processing a specifically crafted GIF file | Mattermost | CWE-400 | 4.3 | Medium | 2022-01-18 |
| CVE-2021-37863 | Mattermost input validation error vulnerability | Mattermost | CWE-20 | 3.5 | Low | 2021-12-17 |
| CVE-2021-37862 | Mattermost code issue vulnerability | Mattermost | CWE-754 | 3.7 | Low | 2021-12-17 |
| CVE-2021-37861 | Mattermost log information disclosure vulnerability | Mattermost | CWE-532 | 5.8 | Medium | 2021-12-09 |
| CVE-2021-37860 | Mattermost cross-site scripting vulnerability | Mattermost | CWE-79 | 3.7 | Low | 2021-09-22 |
| CVE-2021-37859 | Reflected XSS in OAuth flow | Mattermost | CWE-79 | 7.1 | High | 2021-08-05 |

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.