Security Advisories for github.com/mattermost/mattermost-server in go
Moderate
28 days ago
Mattermost doesn't prevent disclosure of created user password
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
28 days ago
Mattermost doesn't sanitize sensitive configuration fields before including them in support packet generation
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
28 days ago
Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin
go
github.com/mattermost/mattermost-plugin-calls, github.com/mattermost/mattermost-server
Moderate
28 days ago
Mattermost doesn't enforce slash command trigger-word uniqueness during command updates
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
28 days ago
Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
28 days ago
Mattermost doesn't verify channel membership when processing AI-assisted message rewrites
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
28 days ago
Mattermost doesn't validate the Host header when constructing response URLs for custom slash command
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
28 days ago
Mattermost doesn't check the create_post channel permission during post edit operations
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
28 days ago
Mattermost doesn't enforce client identity binding during the OAuth authorization code redemption flow
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
28 days ago
Mattermost doesn't validate 7zip archive structure before processing
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
28 days ago
Mattermost does not verify remote cluster channel access when processing shared channel membership removals
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
28 days ago
Mattermost doesn't limit the size of the request body on the start meeting API endpoint
go
github.com/mattermost/mattermost-plugin-msteams-meetings, github.com/mattermost/mattermost-server
Low
28 days ago
Mattermost doesn't validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
28 days ago
Mattermost doesn't escape some variables that could contain malicious content during error page composition
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
about 1 month ago
Mattermost doesn't validate the response body of proxied images
go
github.com/mattermost/mattermost-server
Low
about 1 month ago
Mattermost doesn't enforce the PostEditTimeLimit on non-message post fields
go
github.com/mattermost/mattermost-server
Low
about 2 months ago
Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace
go
github.com/mattermost/mattermost-server
Moderate
about 2 months ago
Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost doesn't set permissions on downloaded bulk export
go
github.com/mattermost/mattermost-server
Moderate
3 months ago
Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
3 months ago
Mattermost doesn't rate limit login requests, allowing DoS
go
github.com/mattermost/mattermost-server
Low
3 months ago
Mattermost fails to validate user's authentication method when processing account auth type switch
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to properly enforce read permissions in search API endpoints
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to use consistent error responses when handling the /mute command
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to validate team-specific upload_file permissions
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost allows a removed team member to enumerate all public channels within a private team
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to limit the size of responses from integration action endpoints
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to preserve the redacted state of burn-on-read posts during deletion
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to filter invite IDs based on user permissions
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to properly validate User-Agent header tokens
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to bound memory allocation when processing DOC files
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost allows attackers to spoof permalink embeds
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
3 months ago
Mattermost fails to properly handle very long passwords
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
3 months ago
Mattermost fails to bound memory allocation when processing PSD image files
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
4 months ago
Mattermost fails to enforce invite permissions when updating team settings
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
4 months ago
Mattermost fails to properly validate team membership when processing channel mentions
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
4 months ago
Mattermost fails to sanitize sensitive data in WebSocket messages
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
4 months ago
Mattermost fails to properly validate login method restrictions
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
4 months ago
Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts
go
github.com/mattermost/mattermost-server
Low
4 months ago
Mattermost doesn't properly validate channel membership at the time of data retrieval
go
github.com/mattermost/mattermost-server
Moderate
5 months ago
Mattermost is vulnerable to DoS due to infinite re-renders on API errors
go
github.com/mattermost/mattermost-server
Low
5 months ago
Mattermost is vulnerable to CPU exhaustion via crafted HTTP request
go
github.com/mattermost/mattermost-server
Moderate
6 months ago
Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
6 months ago
Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
6 months ago
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost
Critical
7 months ago
Mattermost fails to verify the token used during code exchange
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
7 months ago
Mattermost fails to sanitize team email addresses
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Critical
7 months ago
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
7 months ago
Mattermost allows other users to determine when users had read channels via channel member objects
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
7 months ago
Mattermost allows system administrators to access password hashes and MFA secrets
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
7 months ago
Mattermost allows regular users to access archived channel content and files
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
7 months ago
Mattermost does not enforce MFA on WebSocket connections
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
7 months ago
Mattermost fails to properly restrict access to archived channel search API
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server, github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Moderate
7 months ago
Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
7 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server, github.com/mattermost/mattermost, github.com/mattermost/mattermost/server/v8
Low
8 months ago
Mattermost has an Observable Timing Discrepancy vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
8 months ago
Mattermost has an Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
8 months ago
Mattermost has a Missing Authorization vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
High
9 months ago
Mattermost Path Traversal vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
9 months ago
Mattermost boards plugin fails to restrict download access to files
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-plugin-boards
High
9 months ago
Mattermost Open Redirect vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
9 months ago
Mattermost makes Use of Weak Hash
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
9 months ago
Mattermost Open Redirect vulnerability
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
10 months ago
Mattermost Fails to Sanitize File Names
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
10 months ago
Mattermost has Potential Server Crash due to Unvalidated Import Data
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
10 months ago
Mattermost Fails to Sanitize Path Traversal Sequences
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
10 months ago
Mattermost Fails to Validate Remote Cluster Upload Sessions
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
10 months ago
Mattermost Fails to Validate File Paths
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
10 months ago
Mattermost Fails to Properly Validate Team Role Modification
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
10 months ago
Mattermost Lack of Access Control Validation
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
10 months ago
Mattermost Does Not Sanitize the Team Invite ID
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
10 months ago
Mattermost Server SSRF Vulnerability via the Agents Plugin
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
11 months ago
Mattermost has Insufficiently Protected Credentials
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
11 months ago
Mattermost Path Traversal vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
11 months ago
Mattermost Missing Authentication for Critical Function
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
12 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
12 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
12 months ago
Mattermost allows an unauthorized Guest user access to Playbook
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
12 months ago
Mattermost allows unauthorized channel member management through playbook runs
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Critical
12 months ago
Mattermost allows authenticated users to write files to arbitrary locations
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
about 1 year ago
Mattermost allows authenticated administrator to execute LDAP search filter injection
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
about 1 year ago
Mattermost allows guest users to view information about public teams they are not members of
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
about 1 year ago
Mattermost Fails to Restrict Certain Operations on System Admins
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
about 1 year ago
Mattermost allows members with permission to convert public channels to private and convert private to public
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Moderate
about 1 year ago
Mattermost Fails to Properly Perform Viewer Role Authorization
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
about 2 years ago
Mattermost allows team admins to promote guests to team admins
go
github.com/mattermost/mattermost-server
Low
about 2 years ago
Mattermost fails to fully validate role changes
go
github.com/mattermost/mattermost-server
Low
about 2 years ago
Mattermost fails to limit the size of a request path
go
github.com/mattermost/mattermost-server
Moderate
about 2 years ago
Mattermost crashes web clients via a malformed custom status
go
github.com/mattermost/mattermost-server
Moderate
about 2 years ago
Mattermost's detailed error messages reveal the full file path
go
github.com/mattermost/mattermost-server
Moderate
about 2 years ago
Mattermost fails to limit the number of active sessions
go
github.com/mattermost/mattermost-server
Low
over 2 years ago
Mattermost Server Resource Exhaustion
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Moderate
about 3 years ago
Mattermost vulnerable to cross-site scripting (XSS)
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Moderate
about 3 years ago
Mattermost vulnerable to information disclosure
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Moderate
about 3 years ago
Mattermost fails to properly authenticate inviter's permissions to private channel
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Moderate
about 3 years ago
Mattermost vulnerable to information disclosure
go
github.com/mattermost/mattermost-server, github.com/mattermost/mattermost-server/v6