Security Advisories for github.com/mattermost/mattermost in go
Moderate
6 months ago
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost
Low
6 months ago
Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection
go
github.com/mattermost/mattermost-plugin-github, github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Low
6 months ago
Mattermost has missing redirect URL validation
go
github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Low
6 months ago
Mattermost fails to validate user permissions in Boards
go
github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Moderate
6 months ago
Mattermost fails to validate user permissions when deleting comments in Boards
go
github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Moderate
7 months ago
Mattermost fails to properly restrict access to archived channel search API
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server, github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Low
7 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server, github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Potential
Moderate
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
Low
8 months ago
Mattermost has an Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
High
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
High
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
Moderate
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
Low
8 months ago
Mattermost has an Observable Timing Discrepancy vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
High
9 months ago
Mattermost Path Traversal vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Low
9 months ago
Mattermost Open Redirect vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
High
9 months ago
Mattermost Open Redirect vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Moderate
9 months ago
Mattermost makes Use of Weak Hash
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Low
11 months ago
Mattermost has Insufficiently Protected Credentials
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Moderate
11 months ago
Mattermost Path Traversal vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Moderate
11 months ago
Mattermost Missing Authentication for Critical Function
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Moderate
12 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Critical
12 months ago
Mattermost allows authenticated users to write files to arbitrary locations
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Low
about 1 year ago
Mattermost allows guest users to view information about public teams they are not members of
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost allows authenticated administrator to execute LDAP search filter injection
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost fails to clear Google OAuth credentials
go
github.com/mattermost/mattermost/server/v8
Potential
Low
about 1 year ago
Mattermost fails to properly enforce access controls for guest users
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost fails to properly invalidate personal access tokens upon user deactivation
go
github.com/mattermost/mattermost/server/v8
Potential
Low
about 1 year ago
Mattermost fails to properly enforce access control restrictions for System Manager roles
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost improperly allows team administrators to modify team invites
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost Fails to Lockout LDAP Users After Repeated Login Failures
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm
go
github.com/mattermost/mattermost/server/v8
Potential
Low
about 1 year ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 1 year ago
Mattermost Fails to Restrict Certain Operations on System Admins
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Potential
Low
over 1 year ago
Mattermost fails to invalidate all active sessions when converting a user to a bot
go
github.com/mattermost/mattermost/server/v8
Potential
Low
over 1 year ago
Mattermost incorrectly issues two sessions when using desktop SSO
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
over 1 year ago
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
almost 2 years ago
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
go
github.com/mattermost/mattermost/server/v8
Potential
Low
about 2 years ago
Mattermost allows team admins to promote guests to team admins
go
github.com/mattermost/mattermost-server
Potential
Low
about 2 years ago
Mattermost fails to limit the size of a request path
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 2 years ago
Mattermost crashes web clients via a malformed custom status
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 2 years ago
Mattermost's detailed error messages reveal the full file path
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 2 years ago
Mattermost fails to limit the number of active sessions
go
github.com/mattermost/mattermost-server
Potential
Low
about 2 years ago
Mattermost fails to fully validate role changes
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 2 years ago
Mattermost Server Improper Access Control
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 2 years ago
Mattermost Server doesn't limit the number of user preferences
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
over 2 years ago
Mattermost vulnerable to denial of service via large number of emoji reactions
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
over 2 years ago
Mattermost notified all users in the channel when using WebSockets to respond individually
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Potential
Low
over 2 years ago
Mattermost allows demoted guests to change group names
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
over 2 years ago
Mattermost vulnerable to excessive memory consumption
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Potential
Moderate
over 2 years ago
Mattermost password hash disclosure vulnerability
go
github.com/mattermost/mattermost/server/v8
Potential
Moderate
about 4 years ago
Mattermost Server Sensitive Data Exposure
go
github.com/mattermost/mattermost-server/v5
Potential
Moderate
about 4 years ago
Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution
go
github.com/mattermost/mattermost-server
Potential
Low
about 4 years ago
Mattermost Server allows System Admin to modify LDAP account names and email addresses
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server is vulnerable to XSS through crafted links
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server exposes information stored by a web browser
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server exposes account details to any Team Administrator
go
github.com/mattermost/mattermost-server
Potential
High
about 4 years ago
Mattermost Server: initial_load API exposes unnecessary information
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server's Session ID and Session Token are potentially compromised
go
github.com/mattermost/mattermost-server
Potential
High
about 4 years ago
Mattermost Server does not check if cookies are used over SSL
go
github.com/mattermost/mattermost-server
Potential
High
about 4 years ago
Mattermost Server does not enforce rate limits on password change attempts
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server is vulnerable to XSS through customizable theme color-code values
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server is vulnerable to Code Injection through its LDAP fields
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server is vulnerable to XSS via a Legal or Support setting
go
github.com/mattermost/mattermost-server
Potential
Moderate
about 4 years ago
Mattermost Server vulnerable to Cross-site Scripting through file preview feature
go
github.com/mattermost/mattermost-server