Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/mattermost/mattermost-server

go

View on github.com · View on proxy.golang.org

Security Advisories for github.com/mattermost/mattermost-server in go

Critical
10 days ago

Mattermost fails to to verify the token used during code exchange GSA_kwCzR0hTQS1tcDZ4LTk3eGotOXg2Ms4ABPBl

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Critical
10 days ago

Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication GSA_kwCzR0hTQS0zeDM5LTYyaDQtZjhqNs4ABPBh

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
10 days ago

Mattermost fails to sanitize team email addresses GSA_kwCzR0hTQS00Zzg3LTl4NDUtY3gyaM4ABPBk

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
19 days ago

Mattermost allows other users to determine when users had read channels via channel member objects GSA_kwCzR0hTQS05aGg3LTY1NTgtcWZwMs4ABOpf

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
23 days ago

Mattermost allows system administrators to access password hashes and MFA secrets GSA_kwCzR0hTQS1tcXA4LXBnZzUtN3g3bc4ABOjA

go github.com/mattermost/mattermost-server
Low
24 days ago

Mattermost allows regular users to access archived channel content and files GSA_kwCzR0hTQS14M2h4LWNoN3AtOHhnZ84ABOi8

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
24 days ago

Mattermost does not enforce MFA on WebSocket connections GSA_kwCzR0hTQS14cGc4LTh4cHYtOTQ4cM4ABOi_

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
24 days ago

Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL GSA_kwCzR0hTQS1mZjg1LXF3M2gtZzl2cM4ABOi-

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
24 days ago

Mattermost fails to properly restrict access to archived channel search API GSA_kwCzR0hTQS1qNmdnLXI1amMtNDdjbc4ABOi9

go github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server, github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Low
24 days ago

Mattermost Incorrect Authorization vulnerability GSA_kwCzR0hTQS1tcWNqLThjMmctaDk3cc4ABOhn

go github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server, github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Moderate
about 2 months ago

Mattermost has a Missing Authorization vulnerability GSA_kwCzR0hTQS03Y3IzLTM4am0tNnA0Nc4ABNex

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
about 2 months ago

Mattermost has an Observable Timing Discrepancy vulnerability GSA_kwCzR0hTQS14cjN3LXJtdmotZjZtN84ABNeq

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
about 2 months ago

Mattermost has a Missing Authorization vulnerability GSA_kwCzR0hTQS1yNnFqLTg5NGYtNWhyMs4ABNe1

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
about 2 months ago

Mattermost has a Missing Authorization vulnerability GSA_kwCzR0hTQS0zcTRxLXdxbTYtaHZmM84ABNe5

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
about 2 months ago

Mattermost has an Incorrect Authorization vulnerability GSA_kwCzR0hTQS00MjRoLXhqODctbTkzN84ABNe8

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
about 2 months ago

Mattermost has a Missing Authorization vulnerability GSA_kwCzR0hTQS02cTdtLXA4Y2MtOTk4cs4ABNe_

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
3 months ago

Mattermost boards plugin fails to restrict download access to files GSA_kwCzR0hTQS1mNzJnLTUydjctbWczcM4ABMZr

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-plugin-boards
High
3 months ago

Mattermost Path Traversal vulnerability GSA_kwCzR0hTQS1xeDNmLTZ2cTMtOGo4bc4ABMZt

go github.com/mattermost/mattermost-server
Moderate
3 months ago

Mattermost makes Use of Weak Hash GSA_kwCzR0hTQS05cDkyLXg3N3ctOWZ3Ms4ABMEa

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
3 months ago

Mattermost Open Redirect vulnerability GSA_kwCzR0hTQS1obTk1LWp4NjYtZzJnaM4ABMER

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
3 months ago

Mattermost Open Redirect vulnerability GSA_kwCzR0hTQS02OWo4LXByeDItdng5OM4ABMEQ

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
3 months ago

Mattermost Missing Authorization vulnerability GSA_kwCzR0hTQS0zdmNtLWM0MnAtM2hoZs4ABMEP

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
4 months ago

Mattermost has Potential Server Crash due to Unvalidated Import Data GSA_kwCzR0hTQS1oNDY5LTRmY2YtcDIzaM4ABLUR

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
4 months ago

Mattermost Fails to Sanitize File Names GSA_kwCzR0hTQS1wajZmLXJjOTQtZ3c1M84ABLUh

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
4 months ago

Mattermost Fails to Sanitize Path Traversal Sequences GSA_kwCzR0hTQS14NjdjLXY4anItcDI5cs4ABLTm

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
4 months ago

Mattermost Lack of Access Control Validation GSA_kwCzR0hTQS1wd3ZyLWdycWctN3ZwMs4ABLTo

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
4 months ago

Mattermost Does Not Sanitize the Team Invite ID GSA_kwCzR0hTQS1xajQ3LXc5ZjItcWc0NM4ABLTl

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
4 months ago

Mattermost Server SSRF Vulnerability via the Agents Plugin GSA_kwCzR0hTQS12cXdoLTVqaGgtdmM5cM4ABLTk

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
4 months ago

Mattermost Fails to Properly Validate Team Role Modification GSA_kwCzR0hTQS00Mjc2LWNtOGMtNzg4aM4ABLTj

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
4 months ago

Mattermost Fails to Validate File Paths GSA_kwCzR0hTQS1ncTNyLTU4MzMtNTUzMs4ABLTi

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
4 months ago

Mattermost Fails to Validate Remote Cluster Upload Sessions GSA_kwCzR0hTQS1xNDUzLTYzOGMtaDRtcs4ABLTn

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
5 months ago

Mattermost Path Traversal vulnerability GSA_kwCzR0hTQS13dncyLTNqaDQtNGMzOc4ABKRq

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
5 months ago

Mattermost has Insufficiently Protected Credentials GSA_kwCzR0hTQS00ZndqLTg1OTUtd3AyNc4ABKRo

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
5 months ago

Mattermost Missing Authentication for Critical Function GSA_kwCzR0hTQS03aDM0LTljaHItNThxaM4ABKRa

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
5 months ago

Mattermost Incorrect Authorization vulnerability GSA_kwCzR0hTQS13Z3ZwLWpqNHctODhoZs4ABJkw

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
5 months ago

Mattermost Incorrect Authorization vulnerability GSA_kwCzR0hTQS12OGZyLXZ4bXctNm1mNs4ABJkm

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
6 months ago

Mattermost allows an unauthorized Guest user access to Playbook GSA_kwCzR0hTQS00NTc4LTZnamgtZjJqbc4ABJTD

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
6 months ago

Mattermost allows unauthorized channel member management through playbook runs GSA_kwCzR0hTQS1xd3dtLWM1ODItODJyeM4ABJTJ

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Critical
6 months ago

Mattermost allows authenticated users to write files to arbitrary locations GSA_kwCzR0hTQS1xaDU4LTl2M2otd2NqY84ABJSQ

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
6 months ago

Mattermost allows guest users to view information about public teams they are not members of GSA_kwCzR0hTQS1qd2h3LXhmNXYtcWd4Y84ABI-z

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
6 months ago

Mattermost allows authenticated administrator to execute LDAP search filter injection GSA_kwCzR0hTQS00cjY3LTR4NHAtZnByZ84ABI-v

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
8 months ago

Mattermost Fails to Restrict Certain Operations on System Admins GSA_kwCzR0hTQS0zMjJ2LXZoMmctcXZwds4ABGvR

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
9 months ago

Mattermost allows members with permission to convert public channels to private and convert private to public GSA_kwCzR0hTQS1oNXY5LXh3MmctN2hycc4ABFxA

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
9 months ago

Mattermost Fails to Properly Perform Viewer Role Authorization GSA_kwCzR0hTQS1mcXJxLXhteGotdjQ3eM4ABFpb

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
over 1 year ago

Mattermost allows team admins to promote guests to team admins GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ

go github.com/mattermost/mattermost-server
Low
over 1 year ago

Mattermost fails to limit the size of a request path GSA_kwCzR0hTQS1wMndxLTRnZ3AtNDVmM84AA7U_

go github.com/mattermost/mattermost-server
Moderate
over 1 year ago

Mattermost fails to limit the number of active sessions GSA_kwCzR0hTQS13ajM3LW1wcTkteHJjbc4AA7VH

go github.com/mattermost/mattermost-server
Moderate
over 1 year ago

Mattermost crashes web clients via a malformed custom status GSA_kwCzR0hTQS04Zjk5LWcycGoteDh3M84AA7VG

go github.com/mattermost/mattermost-server
Moderate
over 1 year ago

Mattermost's detailed error messages reveal the full file path GSA_kwCzR0hTQS12eDk3LThxOHEtcWdxNc4AA7VB

go github.com/mattermost/mattermost-server
Low
over 1 year ago

Mattermost fails to fully validate role changes GSA_kwCzR0hTQS01cXg5LTlmZmotNXI4Zs4AA7VE

go github.com/mattermost/mattermost-server
Moderate
over 2 years ago

Mattermost vulnerable to cross-site scripting (XSS) GSA_kwCzR0hTQS02M2YyLTY5NTktMnB4as4AAye3

go github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Moderate
over 2 years ago

Mattermost fails to properly authentication inviter's permissions to private channel GSA_kwCzR0hTQS05aGo3LXY1NmctcmhmNs4AAyey

go github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Moderate
over 2 years ago

Mattermost vulnerable to information disclosure GSA_kwCzR0hTQS04amhoLTNqZjItcGZ3cs4AAyez

go github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Moderate
over 2 years ago

Mattermost vulnerable to information disclosure GSA_kwCzR0hTQS0zd3E1LTNmNTYtdjV4Y84AAyex

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost-server/v6
Moderate
about 3 years ago

Denial of service in Mattermost GSA_kwCzR0hTQS12NDJmLWhxNzgtOGM1bc4AAwBK

go github.com/mattermost/mattermost-server
Moderate
about 3 years ago

Denial of service in Mattermost GSA_kwCzR0hTQS01anBoLXdycTctdjloZs4AAwBJ

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Uncontrolled Resource Consumption in Mattermost server GSA_kwCzR0hTQS1nd3BmLTk1amMtNjNyds4AArUl

go github.com/mattermost/mattermost-server
High
over 3 years ago

Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command GSA_kwCzR0hTQS01bWg2LXA2M2ctM212Nc4AAlE8

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server exposes team invite IDs through API endpoints GSA_kwCzR0hTQS1qd2Z2LTVod3EtZjk3cs4AAlEr

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server allows attackers to create buttons that can launch API requests GSA_kwCzR0hTQS1tNDk3LWhxNXgtNmpjds4AAlEc

go github.com/mattermost/mattermost-server
Critical
over 3 years ago

Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests GSA_kwCzR0hTQS12MnZtLWhxMjYtNWp2Ns4AAlEe

go github.com/mattermost/mattermost-server
High
over 3 years ago

Mattermost Server does not properly restrict use of slash commands GSA_kwCzR0hTQS13dmpnLTMzcDktOTM4aM4AAlEQ

go github.com/mattermost/mattermost-server
Critical
over 3 years ago

Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials GSA_kwCzR0hTQS1nNzhmLTZ4cTctcnJocc4AAlE_

go github.com/mattermost/mattermost-server
Critical
over 3 years ago

Mattermost Server exposes OAuth personal access tokens to attackers GSA_kwCzR0hTQS04NzZqLWpmcWYtbTdqN84AAlER

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to webhook and slash command manipulation GSA_kwCzR0hTQS1qcDU3LTR4MzQtNXY5NM4AAlES

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server allows users with a session ID to revoke another users' session GSA_kwCzR0hTQS1oNTY0LTZnYzItZmNjNs4AAlED

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page GSA_kwCzR0hTQS05eDh4LXc2ZzUtaHg0d84AAlEO

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server exposes team creator's e-mail address to other members GSA_kwCzR0hTQS0zNWM0LTVxZnAtd3hqNs4AAlEP

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider GSA_kwCzR0hTQS13OGNjLTNoN3EtamhjM84AAlEJ

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server does not prevent System Admin from arbitrary file creation GSA_kwCzR0hTQS05cnI1LXE0M3ItY2N2NM4AAlEN

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to Path Traversal when files are stored locally GSA_kwCzR0hTQS1oanFoLWo2cmotZ2g4cc4AAlEM

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to XSS through author_link field in Slack attachments GSA_kwCzR0hTQS00OThqLXd4d3ctajg5N84AAlEF

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to XSS through crafted links GSA_kwCzR0hTQS1tNzhyLTJ4NnctcXFqcM4AAlDu

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution GSA_kwCzR0hTQS1ybTI0LTI1eG0tOTQ1NM4AAlDq

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to Directory Traversal by System Admins GSA_kwCzR0hTQS04cWc4LWM3bXctNmZqN84AAlDx

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server allows XSS via redirect URL GSA_kwCzR0hTQS0yajljLTc2cHAteGM1cc4AAlD2

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server allows XSS via CSRF GSA_kwCzR0hTQS12dzU3LTU1ZjgtYzczcc4AAlD6

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server has mishandled webhook access control GSA_kwCzR0hTQS05ajlqLW1tMnItOXJmbc4AAlEK

go github.com/mattermost/mattermost-server
High
over 3 years ago

Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names GSA_kwCzR0hTQS1qYzZ3LThyN2Ytdm1wNc4AAlD9

go github.com/mattermost/mattermost-server
Low
over 3 years ago

Mattermost Server allows System Admin to modify LDAP account names and email addresses GSA_kwCzR0hTQS1tajh2LTc3M3ctNXFoas4AAlDn

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server exposes information stored by a web browser GSA_kwCzR0hTQS01cTM3LTk4NzQtcXhjd84AAlD_

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization GSA_kwCzR0hTQS1oZ3JwLWZnbTgtNTZnOM4AAlD1

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server exposes account details to any Team Administrator GSA_kwCzR0hTQS1nM2YzLXA5cmMtNzc1cM4AAlDy

go github.com/mattermost/mattermost-server
High
over 3 years ago

Mattermost Server does not enforce rate limits on password change attempts GSA_kwCzR0hTQS1xcmY2LWg1ZmMtN205Ns4AAlD8

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server's Session ID and Session Token are potentially compromised GSA_kwCzR0hTQS00M202LXd2YzgtMm03as4AAlDt

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server exposes sensitive information about team URLs via an API GSA_kwCzR0hTQS1xM2c5LWhncngtaHdoeM4AAlEL

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to XSS via a Legal or Support setting GSA_kwCzR0hTQS05anJ4LWZncm0tOTZxaM4AAlDo

go github.com/mattermost/mattermost-server
High
over 3 years ago

Mattermost Server does not check if cookies are used over SSL GSA_kwCzR0hTQS0zNzlwLTM3eGMtcTk2M84AAlEE

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to XSS through lack of link relationship attributes `noreferrer` and `noopener` GSA_kwCzR0hTQS1oM3FnLXc5ajUtd2gzbc4AAlEC

go github.com/mattermost/mattermost-server
High
over 3 years ago

Mattermost Server: initial_load API exposes unnecessary information GSA_kwCzR0hTQS1yOTNqLTNtbXAtcHg1N84AAlDz

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server exposes sensitive information via its System Console UI GSA_kwCzR0hTQS05dzR2LTljOTktaHY3cs4AAlDk

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to Uncontrolled Resource Consumption GSA_kwCzR0hTQS1mZmNjLXFyMnYtM3Ftds4AAlEI

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to Code Injection through its LDAP fields GSA_kwCzR0hTQS03dm13LTZjN2gtcnJyds4AAlD4

go github.com/mattermost/mattermost-server
High
over 3 years ago

Mattermost Server: Insufficient Password-Reset Link Invalidation GSA_kwCzR0hTQS1qMjZnLTk1cGgtMm13ds4AAlEG

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server is vulnerable to XSS through customizable theme color-code values GSA_kwCzR0hTQS1oOHF3LXhxbTktcTY2as4AAlDp

go github.com/mattermost/mattermost-server
Moderate
over 3 years ago

Mattermost Server vulnerable to Cross-site Scripting through file preview feature GSA_kwCzR0hTQS1jZmZqLTd3NWMtanFqaM4AAlDh

go github.com/mattermost/mattermost-server

Filter by Severity

Moderate 63 Low 16 High 11 Critical 6