Versions in this module
v5
Dec 15, 2021
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Nov 2, 2021
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 20, 2021
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Sep 8, 2021
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Nov 2, 2021
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 20, 2021
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 25, 2021 GO-2022-0540 +46 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2021 GO-2022-0540 +46 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 16, 2021 GO-2022-0540 +46 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 31, 2022 GO-2022-0540 +46 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mar 9, 2022 GO-2022-0540 +46 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Feb 2, 2022 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jan 18, 2022 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Dec 15, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Nov 23, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Nov 12, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 20, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 25, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 28, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 13, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 29, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 17, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 10, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 28, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 17, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 10, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 2, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 17, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 12, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 17, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 10, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 23, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 16, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 15, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 13, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 10, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 23, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mar 25, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mar 24, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mar 18, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mar 15, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Feb 17, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Feb 10, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Changes in this version
type SearchEngineInterface
Jul 28, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 22, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 11, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 9, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 11, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 7, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 1, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Mar 24, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Feb 4, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jan 14, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jan 14, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jan 14, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Dec 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Dec 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jan 16, 2021 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Dec 2, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Dec 2, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Dec 2, 2020 GO-2022-0540 +47 more
Nov 10, 2020 GO-2022-0540 +47 more
Dec 1, 2020 GO-2022-0540 +47 more
Nov 10, 2020 GO-2022-0540 +47 more
Nov 10, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 31, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Dec 2, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Oct 15, 2020 GO-2022-0540 +47 more
Oct 13, 2020 GO-2022-0540 +47 more
Oct 2, 2020 GO-2022-0540 +47 more
Dec 1, 2020 GO-2022-0540 +47 more
Oct 16, 2020 GO-2022-0540 +47 more
Oct 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Sep 10, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Sep 10, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 26, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Sep 3, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Sep 2, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 11, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Changes in this version
type SearchEngineInterface
Aug 11, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 2, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Nov 9, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Nov 9, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Nov 3, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Sep 3, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Sep 2, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 25, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 25, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 11, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Aug 11, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 23, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 23, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 23, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 23, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 10, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 10, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 29, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 23, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 23, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 26, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 26, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 18, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Changes in this version
type Broker
Jun 16, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 11, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 9, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jun 3, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Jul 23, 2020 GO-2022-0540 +47 more
Jul 23, 2020 GO-2022-0540 +47 more
Jun 1, 2020 GO-2022-0540 +47 more
Jun 1, 2020 GO-2022-0540 +47 more
May 12, 2020 GO-2022-0540 +47 more
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 12, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 6, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 1, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 30, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 9, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 9, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
May 2, 2020 GO-2022-0540 +47 more
May 2, 2020 GO-2022-0540 +47 more
Apr 22, 2020 GO-2022-0540 +47 more
Apr 22, 2020 GO-2022-0540 +47 more
Apr 15, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 14, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 13, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Apr 3, 2020 GO-2022-0540 +47 more
GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server