Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail…

Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled insta…

An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet ac…

An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute …

An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib inject…

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attac…

An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory …

An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause…

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV inj…

An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as co…

An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal vi…

An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follo…

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage …

An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superflu…

An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypas…

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of…

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset …

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attacker…

An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reuse…

An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authen…

An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypasse…

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows …

An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allow…

An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial …

An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private chan…

An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnec…

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an…

An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sig…

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked f…

An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce…

An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attack…

An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies al…

An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attack…

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows at…

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows …

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdo…

An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a deni…

An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a deni…

An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a deni…

An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denia…