MEDIUM 5.5 CVE-2024-41144 Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
from 0, < 5.3.2-0.20240619142046-8181a9ddffc0
MEDIUM 5.3 CVE-2020-14457 Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost
from 0
MEDIUM 4.3 CVE-2025-13324 Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost
>= 10.11.0-rc1+incompatible, < 10.11.5+incompatible, >= 10.12.0+incompatible, < 10.12.2+incompatible, >= 11.0.0-alpha.1+incompatible, < 11.0.4+incompatible
MEDIUM 4.3 Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost
>= 10.12.0, < 10.12.2
MEDIUM 4.3 Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
>= 10.11.0, <= 10.11.4
MEDIUM 4.3 Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost
from 0
MEDIUM 4.3 Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
from 0
MEDIUM 4.3 Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
from 0, < 5.3.2-0.20250815165020-c8d66301415d
MEDIUM 4.1 Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
from 0, < 5.3.2-0.20240628125750-70b218839fa7
LOW 3.1 Mattermost has missing redirect URL validation in github.com/mattermost/mattermost
>= 10.11.0-rc1+incompatible, < 11.1.0+incompatible
LOW 3.1 Mattermost has missing redirect URL validation in github.com/mattermost/mattermost
>= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a1509
LOW 3.1 Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost
>= 10.5.0+incompatible, < 10.5.13+incompatible, >= 10.11.0+incompatible, < 10.11.5+incompatible
LOW 3.1 Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost
>= 10.11.0, < 10.11.5
LOW 3.1 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
from 0
LOW 3.1 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
from 0, < 5.3.2-0.20250905150616-ba86dfc5876b
LOW 3.0 Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost
>= 11.0.0-alpha.1+incompatible, < 11.1.0+incompatible
LOW 3.0 Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost
from 0, < 10.11.7-0.20251106103514-3b05384dd014
LOW 2.7 Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server
from 0, < 5.3.2-0.20240604093018-5114c3b7cdb8