pkg:Go/github.com/mattermost/mattermost

18 total CVEs: MEDIUM 9, LOW 9

All known vulnerabilities

  • MEDIUM 5.5, CVE-2024-41144: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
    from 0, < 5.3.2-0.20240619142046-8181a9ddffc0
  • MEDIUM 5.3, CVE-2020-14457: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
    from 0
  • MEDIUM 4.3, CVE-2025-13324: Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost
    >= 10.11.0-rc1+incompatible, < 10.11.5+incompatible, >= 10.12.0+incompatible, < 10.12.2+incompatible, >= 11.0.0-alpha.1+incompatible, < 11.0.4+incompatible
  • MEDIUM 4.3, CVE-2025-13324: Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost
    >= 10.12.0, < 10.12.2
  • MEDIUM 4.3, CVE-2025-12756: Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
    >= 10.11.0, <= 10.11.4
  • MEDIUM 4.3, CVE-2025-12756: Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
    from 0
  • MEDIUM 4.3, CVE-2025-11776: Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
    from 0
  • MEDIUM 4.3, CVE-2025-11776: Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
    from 0, < 5.3.2-0.20250815165020-c8d66301415d
  • MEDIUM 4.1, CVE-2024-41162: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
    from 0, < 5.3.2-0.20240628125750-70b218839fa7
  • LOW 3.1, CVE-2025-62690: Mattermost has missing redirect URL validation in github.com/mattermost/mattermost
    >= 10.11.0-rc1+incompatible, < 11.1.0+incompatible
  • LOW 3.1, CVE-2025-62690: Mattermost has missing redirect URL validation in github.com/mattermost/mattermost
    >= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a1509
  • LOW 3.1, CVE-2025-13870: Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost
    >= 10.5.0+incompatible, < 10.5.13+incompatible, >= 10.11.0+incompatible, < 10.11.5+incompatible
  • LOW 3.1, CVE-2025-13870: Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost
    >= 10.11.0, < 10.11.5
  • LOW 3.1, CVE-2025-11777: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
    from 0
  • LOW 3.1, CVE-2025-11777: Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
    from 0, < 5.3.2-0.20250905150616-ba86dfc5876b
  • LOW 3.0, CVE-2025-13352: Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost
    >= 11.0.0-alpha.1+incompatible, < 11.1.0+incompatible
  • LOW 3.0, CVE-2025-13352: Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost
    from 0, < 10.11.7-0.20251106103514-3b05384dd014
  • LOW 2.7, CVE-2024-41926: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
    from 0, < 5.3.2-0.20240604093018-5114c3b7cdb8