
Mattermost — Vulnerabilities & Security Advisories (382)

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mattermost is an open-source, self-hosted messaging platform designed primarily for secure team communication and collaboration in enterprise environments. With 382 recorded Common Vulnerabilities and Exposures (CVEs), the software has historically been affected by serious security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation or insufficient access controls in its web interface and API layers. While the platform emphasizes data sovereignty through self-hosting, its extensive vulnerability history illustrates the risks that come with complex, feature-rich applications. Security incidents have occasionally involved unauthorized data access or service disruption, underscoring the need for rigorous patch management and configuration hardening. Organizations deploying Mattermost should prioritize regular updates and continuous monitoring to mitigate the risks of its large attack surface and frequent exposure to newly discovered exploits.

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2024-32046 | Detailed error discloses full file path with dev mode off — Mattermost | CWE-200 | 4.3 | Medium | 2024-04-26
CVE-2024-22091 | Excessive resource consumption due to lack of request path size limits — Mattermost | CWE-400 | 3.1 | Low | 2024-04-26
CVE-2024-3872 | Mattermost Mobile Apps security vulnerability — Mattermost | CWE-400 | 3.1 | Low | 2024-04-16
CVE-2024-2447 | Mattermost security vulnerability — Mattermost | CWE-284 | 6.5 | Medium | 2024-04-05
CVE-2024-29221 | Invite ID available to team admins even without the "Add Members" permission — Mattermost | CWE-284 | 4.7 | Medium | 2024-04-05
CVE-2024-28949 | DoS via a large number of User Preferences — Mattermost | CWE-400 | 4.3 | Medium | 2024-04-05
CVE-2024-21848 | Users maintain access to active call after being removed from a channel — Mattermost | CWE-284 | 3.1 | Low | 2024-04-05
CVE-2024-2445 | Reflected XSS in Mattermost Jira plugin — Mattermost | CWE-74 | 6.1 | Medium | 2024-03-15
CVE-2024-2450 | Mattermost security vulnerability — Mattermost | CWE-287 | 8.8 | High | 2024-03-15
CVE-2024-2446 | Mattermost security vulnerability — Mattermost | CWE-400 | 4.3 | Medium | 2024-03-15
CVE-2024-28053 | Resource Exhaustion via the Invitation Feature — Mattermost | CWE-400 | 3.1 | Low | 2024-03-15
CVE-2024-24975 | Denial of Service for mobile app users due to automatic code highlighting — Mattermost Mobile | CWE-400 | 3.5 | Low | 2024-03-15
CVE-2024-1953 | Mattermost security vulnerability — Mattermost | CWE-400 | 4.3 | Medium | 2024-02-29
CVE-2024-1952 | Mattermost security vulnerability — Mattermost | CWE-200 | 3.1 | Low | 2024-02-29
CVE-2024-1949 | Mattermost security vulnerability — Mattermost | CWE-200 | 2.6 | Low | 2024-02-29
CVE-2024-1942 | Mattermost security vulnerability — Mattermost | CWE-284 | 4.3 | Medium | 2024-02-29
CVE-2024-1888 | Existing server guests invited to the team by members without "invite_guest" permission — Mattermost | CWE-284 | 4.3 | Medium | 2024-02-29
CVE-2024-24988 | Excessive resource consumption when sending long emoji names in user custom status — Mattermost | CWE-400 | 4.3 | Medium | 2024-02-29
CVE-2024-1887 | Public channel post content accessible without membership when compliance export is enabled — Mattermost | CWE-284 | 4.3 | Medium | 2024-02-29
CVE-2024-23488 | Files of archived channels accessible with the "Allow users to view archived channels" option disabled — Mattermost | CWE-284 | 3.1 | Low | 2024-02-29
CVE-2024-23493 | Team associated AD/LDAP Groups Leaked due to missing authorization — Mattermost | CWE-200 | 4.3 | Medium | 2024-02-29
CVE-2024-1402 | Denial of service in Mattermost mobile apps and server via emoji reactions — Mattermost | CWE-400 | 4.3 | Medium | 2024-02-09
CVE-2024-24776 | Incorrect Authorization leads to Channel Member Count Leak — Mattermost | CWE-284 | 3.1 | Low | 2024-02-09
CVE-2024-24774 | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) — Mattermost | CWE-863 | 3.4 | Low | 2024-02-09
CVE-2024-23319 | CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin) — Mattermost | CWE-352 | 3.5 | Low | 2024-02-09
CVE-2023-47858 | Details of archived public channels are leaked to members of another team — Mattermost | CWE-284 | 4.3 | Medium | 2024-01-02
CVE-2023-50333 | Lack of restriction to manage group names for freshly demoted guests — Mattermost | CWE-284 | 3.7 | Low | 2024-01-02
CVE-2023-48732 | Keywords that trigger mentions are leaked to other users — Mattermost | CWE-200 | 4.3 | Medium | 2024-01-02
CVE-2023-7114 | Mattermost security vulnerability — Mattermost | CWE-74 | 7.1 | High | 2023-12-29
CVE-2023-7113 | Mattermost security vulnerability — Mattermost | CWE-79 | 3.7 | Low | 2023-12-29

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.