Mattermost Server Security Vulnerabilities and Issues — Mattermost Server CVE List

Lucene search

MattermostMattermost Server

6 matches found

cve•added 2023/07/17 4:15 p.m.•2477 views

CVE-2023-3584

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.

3.1CVSS3.6AI score0.00117EPSS

cve•added 2024/04/05 9:15 a.m.•185 views

CVE-2024-21848

Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel

3.1CVSS3.9AI score0.00176EPSS

cve•added 2025/03/21 9:15 a.m.•72 views

CVE-2025-27715

Mattermost versions 9.11.x

3.3CVSS4AI score0.00043EPSS

cve•added 2024/02/09 3:15 p.m.•34 views

CVE-2024-23319

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

3.5CVSS3.7AI score0.0009EPSS

cve•added 2023/07/17 4:15 p.m.•26 views

CVE-2023-3613

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

3.5CVSS3.8AI score0.00117EPSS

cve•added 2025/08/21 8:15 a.m.•12 views

CVE-2025-53971

Mattermost versions 10.5.x <= 10.5.8, 9.11.x

3.8CVSS7.1AI score0.0003EPSS

Web