github.com/mattermost/mattermost-server vulnerabilities

222 known vulnerabilities affecting github.com/mattermost/mattermost-server.

Total CVEs: 222
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 18, MEDIUM 100, LOW 22, UNKNOWN 72

Vulnerabilities

Page 6 of 12
CVE-2025-24526 | UNKNOWN | 2025-03-03 | osv
Affected: ≥ 9.11.0-rc1+incompatible, < 9.11.8+incompatible; ≥ 10.2.0-rc1+incompatible, < 10.2.3+incompatible; +2 more
Mattermost fails to restrict channel export of archived channels in github.com/mattermost/mattermost-server
CVE-2025-25279 | UNKNOWN | 2025-03-03 | osv
Affected: ≥ 9.11.0-rc1+incompatible, < 9.11.8+incompatible; ≥ 10.2.0-rc1+incompatible, < 10.2.3+incompatible; +2 more
Mattermost allows reading arbitrary files related to importing boards in github.com/mattermost/mattermost-server
CVE-2025-20051 | UNKNOWN | 2025-03-03 | osv
Affected: ≥ 9.11.0-rc1+incompatible, < 9.11.8+incompatible; ≥ 10.2.0-rc1+incompatible, < 10.2.3+incompatible; +2 more
Mattermost allows reading arbitrary files in github.com/mattermost/mattermost-server
CVE-2025-20621 | UNKNOWN | 2025-01-17 | osv
Affected: ≥ 9.11.0+incompatible, < 9.11.6+incompatible; ≥ 10.0.0+incompatible, < 10.0.4+incompatible; +2 more
Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server
CVE-2025-20088 | UNKNOWN | 2025-01-16 | osv
Affected: ≥ 9.11.0+incompatible, < 9.11.6+incompatible; ≥ 10.0.0+incompatible, < 10.0.4+incompatible; +2 more
Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server
CVE-2025-21088 | UNKNOWN | 2025-01-16 | osv
Affected: ≥ 9.11.0+incompatible, < 9.11.6+incompatible; ≥ 10.0.0+incompatible, < 10.0.4+incompatible; +2 more
Mattermost Incorrect Type Conversion or Cast in github.com/mattermost/mattermost-server
CVE-2025-20086 | UNKNOWN | 2025-01-16 | osv
Affected: ≥ 9.11.0+incompatible, < 9.11.6+incompatible; ≥ 10.0.0+incompatible, < 10.0.4+incompatible; +2 more
Mattermost fails to properly validate post props in github.com/mattermost/mattermost-server
CVE-2025-22449 | UNKNOWN | 2025-01-09 | osv
Affected: ≥ 9.11.0+incompatible
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability s
CVE-2025-22445 | UNKNOWN | 2025-01-09 | osv
Affected: ≥ 0, < 10.3.0+incompatible
Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If th
CVE-2025-20033 | UNKNOWN | 2025-01-09 | osv
Affected: ≥ 10.0.0+incompatible, < 10.0.4+incompatible; ≥ 10.1.0+incompatible, < 10.1.4+incompatible; +1 more
Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versi
CVE-2024-54083 | UNKNOWN | 2024-12-18 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.13+incompatible; ≥ 9.11.0+incompatible, < 9.11.5+incompatible; +2 more
Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
CVE-2024-48872 | UNKNOWN | 2024-12-18 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.13+incompatible; ≥ 9.11.0+incompatible, < 9.11.5+incompatible; +2 more
Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
CVE-2024-54682 | UNKNOWN | 2024-12-18 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.13+incompatible; ≥ 9.11.0+incompatible, < 9.11.5+incompatible; +2 more
Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
CVE-2024-40884 | UNKNOWN | 2024-08-30 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.8+incompatible; ≥ 9.10.0+incompatible, < 9.10.1+incompatible
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
CVE-2024-8071 | UNKNOWN | 2024-08-30 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.8+incompatible; ≥ 9.8.0+incompatible, < 9.8.3+incompatible; +2 more
Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
CVE-2024-39777 | UNKNOWN | 2024-08-30 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.7+incompatible; ≥ 9.7.0+incompatible, < 9.7.6+incompatible; +2 more
Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
CVE-2024-32939 | UNKNOWN | 2024-08-30 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.8+incompatible; ≥ 9.8.0+incompatible, < 9.8.3+incompatible; +2 more
Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
CVE-2024-43780 | UNKNOWN | 2024-08-30 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.8+incompatible; ≥ 9.8.0+incompatible, < 9.8.3+incompatible; +2 more
Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
CVE-2024-40886 | UNKNOWN | 2024-08-30 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.8+incompatible; ≥ 9.8.0+incompatible, < 9.8.3+incompatible; +2 more
Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
CVE-2024-42497 | UNKNOWN | 2024-08-30 | osv
Affected: ≥ 9.5.0+incompatible, < 9.5.8+incompatible; ≥ 9.8.0+incompatible, < 9.8.3+incompatible; +2 more
Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server