Mattermost Security Vulnerabilities (CVEs)

The Mattermost Confluence Plugin before version 1.5.0 has an authorization bypass vulnerability where attackers can retrieve channel subscription deta...

The Mattermost Confluence Plugin before version 1.5.0 has an authorization bypass vulnerability that allows attackers to create unauthorized channel s...

This vulnerability allows system administrators in Mattermost to read arbitrary files on the server through path traversal in bulk import JSONL files....

This vulnerability allows authenticated Mattermost users who are members of a playbook but not members of a linked private channel to access sensitive...

This vulnerability allows authenticated Mattermost users without proper channel management permissions to add or remove users from public and private ...

This vulnerability allows authenticated Mattermost administrators with specific permissions to perform LDAP search filter injection when linking LDAP ...

Mattermost fails to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bo...

Mattermost fails to implement account lockout for LDAP users after repeated failed login attempts, allowing attackers to perform denial-of-service att...

This vulnerability allows attackers to create task items with excessive actions via the UpdateRunTaskActions GraphQL operation, causing server overloa...

This vulnerability allows authenticated users to view metadata from archived channels even when the 'Allow Users to View Archived Channels' setting is...

Mattermost fails to invalidate user cache when converting accounts to bots, allowing attackers to log in once using the original user credentials. Thi...

This vulnerability allows delegated granular administration users with 'Edit Other Users' permission to modify system administrator accounts in Matter...

Mattermost Mobile Apps versions up to 2.25.0 contain a GIF validation vulnerability that allows attackers to crash the Android application by sending ...

Mattermost fails to enforce channel conversion restrictions, allowing users with permission to convert public channels to private to also convert priv...

Mattermost fails to restrict bookmark creation and updates in archived channels, allowing authenticated users to create or modify bookmarks in channel...

Mattermost fails to enforce multi-factor authentication (MFA) on plugin endpoints, allowing authenticated attackers to bypass MFA protections via API ...

This vulnerability allows authenticated users to execute slash commands in archived Mattermost channels, bypassing intended restrictions. It affects M...

Mattermost versions 9.11.x through 9.11.8 have an authorization flaw where users with the Viewer role configured with 'No Access to Reporting' can sti...

This vulnerability allows authenticated Mattermost users to export archived channel contents even when the 'Allow users to view archived channels' set...

Mattermost Mobile versions up to 2.22.0 contain a type casting vulnerability where posts with attachments containing non-String fields can crash the m...

Mattermost Mobile Apps versions up to 2.22.0 contain a vulnerability where specially crafted attachment names can cause the mobile app to crash when a...

Mattermost fails to properly validate post properties, allowing authenticated malicious users to crash the server by sending specially crafted posts. ...

Mattermost Mobile Apps versions up to 2.22.0 fail to properly validate post properties, allowing authenticated malicious users to send specially craft...

This vulnerability in Mattermost allows attackers to create denial-of-service conditions by exploiting improper validation of post types. Attackers wi...

Mattermost Android mobile apps up to version 2.21.0 have a misconfigured file provider that allows local attackers to access sensitive files. This aff...

This vulnerability in Mattermost allows authenticated users to send specially crafted posts that cause denial-of-service conditions for other users in...

Mattermost fails to properly propagate permission scheme updates across cluster nodes, allowing users to retain old permissions even after administrat...

This vulnerability allows unauthenticated attackers to bypass email domain restrictions in Mattermost by submitting specially crafted email addresses ...

This vulnerability in Mattermost allows attackers to discover private channel names they shouldn't have access to when using Elasticsearch v8 with the...

Mattermost fails to sanitize user inputs in the frontend that are used for redirection, allowing a one-click client-side path traversal that leads to ...

This vulnerability allows attackers to bypass authorization controls in Mattermost when archived channel viewing is disabled. Attackers can retrieve p...

Mattermost mobile apps version 2.18.0 and earlier fail to disable autocomplete during password entry when visible password mode is selected. This allo...

This vulnerability in Mattermost allows authenticated users to manipulate the creation date of their accounts via the POST /api/v4/users endpoint, tri...

This vulnerability allows users with edit access to the permissions section of the Mattermost system console to escalate their privileges to System Ad...

This vulnerability in Mattermost exposes remote users' email addresses when shared channels are enabled, even when email visibility is otherwise restr...

This vulnerability allows remote/synthetic users created through shared channels to receive email notifications and reset passwords using munged email...

This vulnerability in Mattermost allows a malicious remote attacker to create, update, or delete arbitrary posts in arbitrary channels when shared cha...

This vulnerability in Mattermost allows remote attackers to forcibly share local channels without administrator consent when shared channels are enabl...

This vulnerability allows users on remote Mattermost servers to set arbitrary usernames that sync to local servers when shared channels are enabled. I...

This vulnerability in Mattermost allows a malicious remote user in a shared channel to overwrite an existing local user's account. This affects Matter...

Mattermost mobile apps up to version 2.16.0 fail to properly validate push notification origins, allowing malicious servers to impersonate legitimate ...

Mattermost versions with shared channels enabled are vulnerable to a timing attack that allows retrieval of remote cluster tokens. Attackers can explo...

Mattermost Desktop App versions up to 5.7.0 fail to properly prompt users for permission when opening external URLs, allowing attackers to force victi...

This vulnerability allows attackers to execute slash commands as other users by creating deceptive post actions in Mattermost. Attackers can trick use...

This vulnerability in Mattermost allows guest users on channels with linked playbook runs to view all details of those runs when marked as finished. I...

This vulnerability allows Mattermost users to link their playbook runs to private channels they don't have access to, bypassing intended access contro...

This vulnerability allows guest users in Mattermost to access metadata of public playbook runs linked to channels they are guests in, bypassing intend...