📦 Mattermost Server
by Mattermost
🔍 What is Mattermost Server?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows authenticated Mattermost users to perform account takeover by exploiting a flaw in the SSO code exchange process. Attackers can switch authentication methods using a speciall...
This vulnerability allows authenticated attackers with team creation privileges to take over user accounts in Mattermost by manipulating OAuth state tokens during OpenID Connect authentication. It aff...
This vulnerability allows authenticated Mattermost users to write files to arbitrary locations on the filesystem by uploading archives containing path traversal sequences in filenames. This can lead t...
This vulnerability in Mattermost Boards allows authenticated users to read arbitrary files on the server by duplicating specially crafted blocks. It affects Mattermost instances running vulnerable ver...
This vulnerability in Mattermost Boards allows attackers to read arbitrary files on the server by importing specially crafted board archives. It affects Mattermost instances running vulnerable version...
This vulnerability allows unauthenticated attackers to bypass authentication in Mattermost's Jira plugin and make authenticated requests to Jira servers. Attackers can spoof user IDs and inject arbitr...
This vulnerability allows attackers to join any Mattermost team without proper authorization by manipulating RelayState parameters. Attackers can bypass team invitation restrictions and gain unauthori...
This vulnerability allows admin users in Mattermost to execute arbitrary code by uploading malicious plugins to the prepackaged plugins directory. The system fails to validate import directory path co...
Mattermost SAML authentication redirect vulnerability allows attackers to steal user session cookies via malicious links. When users authenticate through SAML, the system fails to validate redirect UR...
Mattermost fails to enforce multi-factor authentication (MFA) on plugin endpoints, allowing authenticated attackers to bypass MFA protections via API requests to plugin-specific routes. This affects M...
This vulnerability allows unauthenticated attackers to bypass email domain restrictions in Mattermost by submitting specially crafted email addresses during registration. Affected organizations are th...
This vulnerability allows authenticated attackers to take over other user accounts in Mattermost by exploiting a flaw in authentication switching from email to SAML. Attackers can craft malicious swit...
Mattermost web applications fail to properly validate route parameters in the team/channel URL path, allowing attackers to perform client-side path traversal. This vulnerability affects Mattermost ins...
This vulnerability allows attackers to upload malicious SVG files to Mattermost Boards and share them via direct links. When users view these SVG files, cross-site scripting (XSS) attacks can execute ...
This vulnerability allows authenticated Mattermost users to discover the existence of teams and their URL names by posting channel shortlinks and observing API responses. It affects Mattermost instanc...
This vulnerability allows authenticated Mattermost users to exfiltrate sensitive data including password hashes and MFA secrets through WebSocket messages. The flaw occurs when users update their prof...
This vulnerability allows authenticated users to bypass SSO-only login requirements in Mattermost by using userID-based authentication. It affects Mattermost instances configured to enforce SSO-only l...
This vulnerability allows any authenticated Mattermost user to modify Zoom meeting restrictions for any channel via API requests. Affected systems include Mattermost versions 11.1.x up to 11.1.2, 10.1...
This vulnerability allows authenticated Mattermost users with Jira plugin access to bypass channel permissions and read posts/attachments from channels they shouldn't have access to. Attackers can exp...
This vulnerability allows authenticated Mattermost users to trigger infinite component re-render loops when API errors occur, causing application-level denial of service. Affected systems include Matt...
This vulnerability allows malicious Mattermost users to create posts with fake Jira plugin actions that exfiltrate Jira tickets when other users interact with them. It affects Mattermost instances wit...
This vulnerability allows authenticated Mattermost users with Jira plugin access to read posts and attachments from channels they shouldn't have access to. It affects Mattermost instances with the Jir...
This vulnerability allows attackers to crash the Calls plugin in Mattermost by sending malformed WebSocket requests with improper UTF-8 formatting. Affected organizations are those running vulnerable ...
This CSRF vulnerability in Mattermost allows authenticated attackers to initiate calls and inject messages into channels or direct messages via malicious webpages or links. It affects Mattermost versi...
This vulnerability allows authenticated users with editor permissions in Mattermost Boards to delete comments created by other users, bypassing intended permission checks. It affects Mattermost instan...
This vulnerability allows any authenticated Mattermost user to view team email addresses that should only be visible to Team Admins. The information disclosure occurs through the GET /api/v4/channels/...
This vulnerability allows system administrators to access password hashes and MFA secrets through an API endpoint that fails to properly sanitize user data. It affects Mattermost instances running vul...
Mattermost versions before 11 fail to enforce multi-factor authentication on WebSocket connections, allowing unauthenticated users to bypass MFA and access sensitive information via WebSocket events. ...
This vulnerability allows attackers to edit arbitrary posts in Mattermost by exploiting an improper validation flaw in the MSTeams plugin OAuth flow. Attackers can craft malicious OAuth redirect URLs ...
Mattermost versions before 11 have an authorization bypass vulnerability where guest users can discover archived public channels through a specific API endpoint. This allows unauthorized access to cha...
This vulnerability allows attackers to create verified user accounts with arbitrary email domains during Slack imports in Mattermost. Attackers can bypass email-based team access restrictions by provi...
This vulnerability allows guest users in Mattermost to discover active public channels and their metadata through an API endpoint, bypassing intended permission controls. It affects Mattermost instanc...
Mattermost versions 10.10.x through 10.10.1 fail to properly sanitize user data during shared channel synchronization, allowing malicious remote clusters to access sensitive user information. This aff...
This vulnerability allows authenticated Mattermost users to access unauthorized posts and manipulate link previews through hash collision attacks on FNV-1 hashing. It affects Mattermost versions 10.8....
This vulnerability allows system administrators to crash Mattermost servers by importing malformed data through the bulk import feature. It affects Mattermost versions 10.8.x up to 10.8.3, 10.5.x up t...
This vulnerability allows authenticated users with file upload permissions to overwrite file attachment thumbnails via path traversal in Mattermost's file streaming APIs. Attackers could potentially r...
This vulnerability allows team administrators without member invite privileges to obtain a team's invite ID through the team restore API endpoint. Affected systems include Mattermost versions 10.8.x u...
This vulnerability allows system administrators in Mattermost to upload non-attachment file types via shared channels, potentially placing files in arbitrary filesystem directories. It affects Matterm...
This vulnerability allows system administrators in Mattermost to perform path traversal attacks by manipulating template file destination paths. Attackers can place malicious files outside intended di...
This vulnerability allows restricted admin users in Mattermost to install unauthorized custom plugins via path traversal during plugin imports. It bypasses plugin signature enforcement and marketplace...
This vulnerability allows system administrators in Mattermost to read arbitrary files on the server through path traversal in bulk import JSONL files. Attackers can exploit this by crafting malicious ...
This vulnerability allows authenticated Mattermost users who are members of a playbook but not members of a linked private channel to access sensitive information about that channel through the run me...
This vulnerability allows authenticated Mattermost users without proper channel management permissions to add or remove users from public and private channels by manipulating playbook run participants...
This vulnerability allows authenticated Mattermost administrators with specific permissions to perform LDAP search filter injection when linking LDAP groups. Attackers could potentially extract sensit...
This vulnerability allows deactivated Mattermost users to learn team names they shouldn't have access to through a race condition in the API. It affects Mattermost versions 10.11.x up to 10.11.9. The ...
Mattermost versions 10.11.0 through 10.11.8 have a CPU exhaustion vulnerability where authenticated users can send posts with thousands of space-separated tokens that aren't properly validated before ...
This vulnerability allows attackers who obtain remote cluster invite tokens to authenticate as remote clusters and perform limited actions on shared channels in Mattermost, even after legitimate invit...
Mattermost versions 10.11.4 and earlier contain an open redirect vulnerability on the /error page. An attacker can craft a malicious link that redirects victims to arbitrary websites when opened in a ...
This vulnerability allows attackers to hijack Mattermost's GitHub reaction feature by exploiting improper plugin bot identity validation. Attackers can craft notification posts to make users add react...
This vulnerability in Mattermost allows authenticated users to access files and subscribe to blocks in Boards they shouldn't have permission to view. It affects Mattermost instances running vulnerable...
Mattermost versions before 11.0 fail to properly enforce the 'Allow users to view archived channels' setting, allowing regular users to access archived channel content and files via the 'Open in Chann...