GO-2022-0540: Mattermost users could access some sensitive information via API call in github.com/mattermost/mattermost-server
GO-2024-2444: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
GO-2024-2446: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
GO-2024-2448: Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server
GO-2024-2450: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
GO-2024-2541: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server
GO-2024-2566: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server
GO-2024-2588: Mattermost race condition in github.com/mattermost/mattermost-server
GO-2024-2589: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server
GO-2024-2590: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
GO-2024-2591: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server
GO-2024-2592: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server
GO-2024-2593: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server
GO-2024-2594: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
GO-2024-2595: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
GO-2024-2635: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server
GO-2024-2695: Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
GO-2024-2696: Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
GO-2024-2706: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-2707: Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
GO-2024-3020: Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server
GO-2024-3022: Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
GO-2024-3023: Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
GO-2024-3024: Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server
GO-2024-3025: Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server
GO-2024-3028: Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel in github.com/mattermost/mattermost-server
GO-2024-3030: Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server
GO-2024-3031: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
GO-2024-3032: Mattermost did not properly restrict channel creation in github.com/mattermost/mattermost-server
GO-2024-3089: Mattermost allows guest user with read access to upload files to a channel in github.com/mattermost/mattermost-server
GO-2024-3090: Mattermost allows team admin user without "Add Team Members" permission to disable invite URL in github.com/mattermost/mattermost-server
GO-2024-3091: Mattermost allows user with systems manager role with read-only access to teams to perform write operations on teams in github.com/mattermost/mattermost-server
GO-2024-3092: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
GO-2024-3093: Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
GO-2024-3094: Mattermost doesn't restrict which roles can promote a user as system admin in github.com/mattermost/mattermost-server
GO-2024-3096: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
GO-2024-3097: Mattermost Cross-Site Request Forgery vulnerability in github.com/mattermost/mattermost-server
GO-2024-3164: Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events in github.com/mattermost/mattermost-server
GO-2024-3227: Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
GO-2024-3232: Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server
GO-2024-3233: Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery in github.com/mattermost/mattermost-server
GO-2024-3234: Mattermost Server vulnerable to application crash from attacker-generated large response in github.com/mattermost/mattermost-server
GO-2024-3235: Mattermost server allows authenticated user to delete arbitrary post in github.com/mattermost/mattermost-server