📦 Mattermost
by Mattermost
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in Mattermost allows remote attackers to forcibly share local channels without administrator consent when shared channels are enabled. Attackers can send unsolicited invites with ex...
This vulnerability in Mattermost allows a malicious remote user in a shared channel to overwrite an existing local user's account. This affects Mattermost servers running vulnerable versions with shar...
Mattermost versions with shared channels enabled are vulnerable to a timing attack that allows retrieval of remote cluster tokens. Attackers can exploit this by measuring response time differences dur...
Mattermost versions 2.10.0 and earlier contain a CSRF vulnerability due to improper sanitization of deeplink paths. This allows attackers to trick authenticated users into performing unintended action...
The Mattermost iOS app fails to properly validate TLS server certificates during WebSocket connection initialization, allowing network attackers to perform man-in-the-middle attacks and intercept comm...
This vulnerability in Mattermost allows authenticated users to manipulate the creation date of their accounts via the POST /api/v4/users endpoint, tricking administrators into believing accounts are o...
This vulnerability allows users with edit access to the permissions section of the Mattermost system console to escalate their privileges to System Admin by adding the 'manage_system' permission to th...
This vulnerability in Mattermost exposes remote users' email addresses when shared channels are enabled, even when email visibility is otherwise restricted. It affects organizations using Mattermost w...
This vulnerability allows remote/synthetic users created through shared channels to receive email notifications and reset passwords using munged email addresses. It affects Mattermost instances runnin...