store

package
Go to main page

Versions in this module

v5
v5.39.3
Dec 15, 2021 GO-2022-0540 +49 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.39.2
Nov 2, 2021 GO-2022-0540 +49 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.39.1
Oct 20, 2021 GO-2022-0540 +49 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.39.0
Sep 8, 2021 GO-2022-0540 +49 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.38.4
Nov 2, 2021 GO-2022-0540 +50 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.38.3
Oct 20, 2021 GO-2022-0540 +50 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.38.2
Aug 25, 2021 GO-2022-0540 +50 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.38.1
Aug 18, 2021 GO-2022-0540 +50 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.38.0
Aug 16, 2021 GO-2022-0540 +50 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelMemberHistoryStore
type PostStore
type PreferenceStore
type ReactionStore
type RetentionPolicyStore
type ThreadStore
type TokenStore
v5.37.10
Aug 31, 2022 GO-2022-0540 +50 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.9
Mar 9, 2022 GO-2022-0540 +50 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.8
Feb 2, 2022 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.7
Jan 18, 2022 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.6
Dec 15, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.5
Nov 23, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.4
Nov 12, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.3
Oct 20, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.2
Aug 25, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.1
Jul 28, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.37.0
Jul 13, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type LicenseStore
type StatusStore
type ThreadStore
v5.36.2
Jul 29, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.36.1
Jun 17, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.36.0
Jun 10, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelSearchOpts
type PostStore
type SharedChannelStore
type Store
type TeamStore
type ThreadStore
type UserStore
v5.35.5
Jul 28, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.35.4
Jun 17, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.35.3
Jun 10, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.35.2
Jun 2, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.35.1
May 17, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.35.0
May 12, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelStore
type ErrConflict
type ErrInvalidInput
type ErrNotFound
type FileInfoStore
type JobStore
type PostStore
type ReactionStore
type Store
v5.34.5
Jun 17, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.34.4
Jun 10, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.34.3
May 23, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.34.2
Apr 16, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.34.1
Apr 15, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.34.0
Apr 13, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ErrNotFound
type FileInfoStore
type ThreadStore
v5.33.5
Jun 10, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.33.4
May 23, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.33.3
Mar 25, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.33.2
Mar 24, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.33.1
Mar 18, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.33.0
Mar 15, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ThreadStore
type UserStore
v5.32.1
Feb 17, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.32.0
Feb 10, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type FileInfoStore
v5.31.9
Jul 28, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.8
Jun 22, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.7
Jun 11, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.6
Jun 9, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.5
May 11, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.4
Apr 7, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.3
Apr 1, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.2
Mar 24, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.1
Feb 4, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.31.0
Jan 14, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.30.3
Jan 14, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.30.2
Jan 14, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.30.1
Dec 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.30.0
Dec 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelStore
type FileInfoStore
type ThreadStore
type UserStore
v5.29.2
Jan 16, 2021 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.29.1
Dec 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ThreadStore
v5.29.1-rc3
Dec 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.29.1-rc2
Dec 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.29.0
Nov 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type Store
v5.29.0-rc4
Dec 1, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.29.0-rc3
Nov 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.29.0-rc2
Nov 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.29.0-rc1
Oct 31, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.28.2
Dec 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.28.1
Oct 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.28.1-rc2
Oct 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.28.1-rc1
Oct 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.28.0
Oct 15, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type Store
type SystemStore
type UserStore
v5.28.0-rc2
Oct 13, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.28.0-rc1
Oct 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.27.2
Dec 1, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.27.1
Oct 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.27.1-rc1
Oct 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.27.0
Sep 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type JobStore
type OpenTracingLayerJobStore
type TimerLayerJobStore
v5.27.0-rc2
Sep 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.27.0-rc1
Aug 26, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.2
Sep 3, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.2-rc1
Sep 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.1
Aug 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.1-rc3
Aug 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.1-rc2
Aug 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.1-rc1
Aug 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.0
Aug 11, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelSearchOpts
type ChannelStore
type OpenTracingLayerChannelStore
type OpenTracingLayerPostStore
type OpenTracingLayerSessionStore
type OpenTracingLayerSystemStore
type OpenTracingLayerUserStore
type PostStore
type SessionStore
type StoreResult
type SystemStore
type TimerLayerChannelStore
type TimerLayerPostStore
type TimerLayerSessionStore
type TimerLayerSystemStore
type TimerLayerUserStore
type UserStore
v5.26.0-rc2
Aug 11, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.26.0-rc1
Aug 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.6
Nov 9, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.6-rc2
Nov 9, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.6-rc1
Nov 3, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.5
Sep 3, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.5-rc1
Sep 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.4
Aug 25, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.4-rc4
Aug 25, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.4-rc3
Aug 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.4-rc2
Aug 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.4-rc1
Aug 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.3
Aug 11, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.3-rc1
Aug 11, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.2
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.2-rc1
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.1
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.1-rc1
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.0
Jul 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.0-rc2
Jul 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.25.0-rc1
Jun 29, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.3
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.3-rc1
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.2
Jun 26, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.2-rc1
Jun 26, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.1
Jun 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.1-rc1
Jun 18, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.0
Jun 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelStore
type GroupStore
type OpenTracingLayerChannelStore
type OpenTracingLayerGroupStore
type OpenTracingLayerPostStore
type OpenTracingLayerSchemeStore
type OpenTracingLayerSessionStore
type OpenTracingLayerTeamStore
type OpenTracingLayerUserStore
type SessionStore
type Store
type TeamStore
type TimerLayerChannelStore
type TimerLayerGroupStore
type TimerLayerPostStore
type TimerLayerSchemeStore
type TimerLayerSessionStore
type TimerLayerTeamStore
type TimerLayerUserStore
type UserStore
v5.24.0-rc4
Jun 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.0-rc3
Jun 11, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.0-rc2
Jun 9, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.24.0-rc1
Jun 3, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.2
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.2-rc1
Jul 23, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.1
Jun 1, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.1-rc1
Jun 1, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.0
May 12, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type OpenTracingLayerUserStore
type Store
type TimerLayerUserStore
type UserStore
v5.23.0-rc4
May 12, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.0-rc3
May 6, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.0-rc2
May 1, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.23.0-rc1
Apr 30, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.3
May 9, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.3-rc1
May 9, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.2
May 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.2-rc1
May 2, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.1
Apr 22, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.1-rc1
Apr 22, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.0
Apr 15, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelStore
type FileInfoStore
type GroupStore
type PostStore
type RoleStore
type SchemeStore
type Store
type TeamStore
type TimerLayer
type TimerLayerChannelStore
type TimerLayerFileInfoStore
type TimerLayerGroupStore
type TimerLayerPluginStore
type TimerLayerPostStore
type TimerLayerRoleStore
type TimerLayerTeamStore
type TimerLayerUserStore
type UserStore
v5.22.0-rc3
Apr 14, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.0-rc2
Apr 13, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.22.0-rc1
Apr 3, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.21.0
Mar 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.21.0-rc3
Mar 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.21.0-rc2
Mar 10, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.21.0-rc1
Feb 28, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.2
Feb 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.2-rc1
Feb 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.1
Feb 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.1-rc1
Feb 16, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.0
Feb 14, 2020 GO-2022-0540 +51 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
type ChannelStore
type GroupStore
type TeamStore
type TimerLayerChannelStore
type TimerLayerGroupStore
type TimerLayerPluginStore
type TimerLayerTeamStore
type TimerLayerUserStore
type UserStore
v5.20.0-rc5
Feb 13, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.0-rc4
Feb 12, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.0-rc3
Feb 5, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.0-rc2
Feb 4, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.20.0-rc1
Jan 30, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.3
May 14, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.3-rc1
May 14, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.2
Apr 20, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.1
Jan 17, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.1-rc1
Jan 17, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.0
Jan 14, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.0-rc3
Jan 14, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.0-rc2
Jan 3, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.19.0-rc1
Dec 19, 2019 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.2
Jan 16, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.2-rc1
Jan 16, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.1
Jan 7, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.1-rc1
Jan 7, 2020 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.0
Dec 13, 2019 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Changes in this version
v5.18.0-rc4
Dec 13, 2019 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.0-rc3
Dec 13, 2019 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.0-rc2
Dec 12, 2019 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.0-rc1
Dec 3, 2019 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
v5.18.0-rc.test
Nov 22, 2019 GO-2022-0540 +52 more
Alert  GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
Alert  GO-2022-0576: Insecure plugin handling in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0595: Resource exhaustion in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0599: Improper Control of a Resource Through its Lifetime in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0604: Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2022-0616: Improper Privilege Management in Mattermost in github.com/mattermost/mattermost-server
Alert  GO-2023-1939: Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
Alert  GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Alert  GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
Alert  GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
Alert  GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
Alert  GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
Alert  GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Alert  GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
Alert  GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
Alert  GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
Alert  GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Alert  GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
Alert  GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Alert  GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Alert  GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Alert  GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
Alert  GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
Alert  GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
Alert  GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
Alert  GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
Alert  GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
Alert  GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
Alert  GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
Alert  GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
Alert  GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
Alert  GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Alert  GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
Alert  GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
Alert  GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
Alert  GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
Alert  GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
Alert  GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
Alert  GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
Alert  GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server
Alert  GO-2024-3334: Mattermost Server Resource Exhaustion in github.com/mattermost/mattermost-server
Alert  GO-2024-3337: Mattermost Improper Validation of Specified Type of Input vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3338: Mattermost Race Condition vulnerability in github.com/mattermost/mattermost-server
Alert  GO-2024-3340: Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server

Other modules containing this package

github.com/mattermost/mattermost-server
github.com/mattermost/mattermost-server/v6

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.