github.com/mattermost/mattermost-server/v6 vulnerabilities
47 known vulnerabilities affecting github.com/mattermost_mattermost-server_v6.
Total CVEs: 47
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 36, LOW 8
Vulnerabilities
Page 3 of 3
CVE-2023-47858 | P4 | MEDIUM | affected versions: ≥ 0, < 7.8.10 | 2024-01-02
CVE-2023-47858 [MEDIUM] CWE-284 Mattermost viewing archived public channels permissions vulnerability
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams//channels/deleted endpoint.
CVE-2023-4105 | P4 | LOW | affected versions: ≥ 7.9.0, < 7.9.6; ≥ 7.10.0, < 7.10.4; +1 more | 2023-08-11
CVE-2023-4105 [LOW] CWE-284 Mattermost fails to correctly delete attachments
Mattermost fails to delete the attachments when deleting a message in a thread, allowing a regular user to still access and download the attachment of a deleted message.
CVE-2023-48732 | P4 | MEDIUM | affected versions: ≥ 0, < 8.1.7 | 2024-01-02
CVE-2023-48732 [MEDIUM] CWE-200 Mattermost notified all users in the channel when using WebSockets to respond individually
Mattermost fails to scope the WebSocket response about notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.
CVE-2023-2783 | P4 | MEDIUM | affected versions: ≥ 7.10.0, < 7.10.1; ≥ 7.9.0, < 7.9.4; +2 more | 2023-06-16
CVE-2023-2783 [MEDIUM] CWE-862 Mattermost Server Missing Authorization vulnerability
The Mattermost Apps Framework fails to verify the secret provided in an incoming webhook request, allowing an attacker to modify the contents of the post sent by the Apps.
CVE-2025-53971 | P4 | LOW | affected versions: ≥ 0, ≤ 6.7.2 | 2025-08-21
CVE-2025-53971 [LOW] CWE-863 Mattermost Fails to Properly Validate Team Role Modification
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications, which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint.
CVE-2023-5193 | P4 | LOW | affected versions: ≥ 0, < 7.8.10 | 2023-09-29
CVE-2023-5193 [LOW] CWE-863 Mattermost Incorrect Authorization vulnerability
Mattermost fails to properly check permissions when retrieving a post, allowing a System Role with the permission to manage channels to read the posts of a DM conversation.
CVE-2023-5159 | P4 | LOW | affected versions: ≥ 0, < 7.8.10 | 2023-09-29
CVE-2023-5159 [LOW] CWE-863 Mattermost Incorrect Authorization vulnerability
Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots.