GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
GO-2025-3380: Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server
GO-2025-4031: Guest user can discover active public channels in github.com/mattermost/mattermost-server
GO-2025-4047: Mattermost Server: initial_load API exposes unnecessary information in github.com/mattermost/mattermost-server
GO-2025-4061: Mattermost Server exposes sensitive information about team URLs via an API in github.com/mattermost/mattermost-server
GO-2025-4075: Mattermost Server's OAuth 2.0 service is vulnerable to attack through Missing Authorization in github.com/mattermost/mattermost-server
GO-2025-4126: Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
GO-2025-4128: Mattermost does not enforce MFA on WebSocket connections in github.com/mattermost/mattermost-server
GO-2025-4131: Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server
GO-2025-4146: Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server
GO-2025-4168: Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication in github.com/mattermost/mattermost-server
GO-2025-4169: Mattermost fails to sanitize team email addresses in github.com/mattermost/mattermost-server
GO-2025-4170: Mattermost fails to verify the token used during code exchange in github.com/mattermost/mattermost-server
GO-2025-4172: Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
GO-2025-4178: Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost
GO-2025-4183: CVE-2017-18870 in github.com/mattermost/mattermost-server
GO-2025-4184: Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server
GO-2025-4189: Mattermost Server is vulnerable to XSS through author_link field in Slack attachments in github.com/mattermost/mattermost-server
GO-2025-4190: Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page in github.com/mattermost/mattermost-server
GO-2025-4197: Mattermost Server exposes OAuth personal access tokens to attackers in github.com/mattermost/mattermost-server
GO-2025-4198: Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider in github.com/mattermost/mattermost-server
GO-2025-4199: Mattermost Server exposes team creator's e-mail address to other members in github.com/mattermost/mattermost-server
GO-2025-4200: Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server
GO-2025-4201: Mattermost Server is vulnerable to webhook and slash command manipulation in github.com/mattermost/mattermost-server
GO-2025-4202: Mattermost Server allows attackers to create buttons that can launch API requests in github.com/mattermost/mattermost-server
GO-2025-4203: Mattermost Server is vulnerable to SQL Injection when executing multiple POST requests in github.com/mattermost/mattermost-server
GO-2025-4204: Mattermost Server does not properly restrict use of slash commands in github.com/mattermost/mattermost-server
GO-2025-4256: Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost