Mattermost Program Statistics



20 total issues disclosed

$3,450 total paid publicly

Most disclosed (5 disclosures) — Uncontrolled Resource Consumption



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Posts sent via websockets aren't sanitized properly | Improper Input Validation | c0rydoras | Low | 2024-10-01 |
| Member role which doesn't have permission to send messages can send by executing channel commands | Improper Access Control - Generic | ramsakal7582 | Medium | 2024-05-08 |
| Reflected XSS in OAuth complete endpoints | Cross-site Scripting (XSS) - Reflected | zerodivisi0n | Low | 2023-09-28 |
| Reset password link sent over unsecured HTTP protocol | Improper Access Control - Generic | uchihaluckycs | High | 2023-05-10 |
| Uninstalling Mattermost Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication | Improper Restriction of Authentication Attempts | annonmous | Low | 2023-01-14 |
| DoS via Playbook | Uncontrolled Resource Consumption | vultza | Medium | 2022-11-23 |
| DoS via Automatic Response Message | Uncontrolled Resource Consumption | vultza | Medium | 2022-11-23 |
| DoS: out of memory from GIF through upload API | Uncontrolled Resource Consumption | catenacyber | Low | 2022-09-21 |
| DoS via large console messages | Uncontrolled Resource Consumption | thesecuritydev | Low | 2022-04-29 |
| Invitation email is resent as a reminder after invalidating pending email invites | Improper Access Control - Generic | mr_anksec | Low | 2022-04-19 |
| HTML injection via invite members can lead to account takeover | Cross-site Scripting (XSS) - Generic | unnamedx | Low | 2022-03-22 |
| Specially crafted message request crashes the webapp for users who view the message | Uncontrolled Resource Consumption | thesecuritydev | Low | 2022-03-14 |
| Bypass email verification in Customer Portal | None supplied | 0dx | Low | 2022-02-26 |
| Self XSS in Create New Workspace screen | Cross-site Scripting (XSS) - Generic | unnamedx | Low | 2022-02-20 |
| Able to trick the victim into using a crafted email address for a particular session and then later take back the account | Violation of Secure Design Principles | at11zt00 | Low | 2022-01-05 |
| Account takeover due to misconfiguration | Use of a Key Past its Expiration Date | akashhamal0x01 | Low | 2021-09-17 |
| Privilege escalation leading to post in channel without having privilege | Privilege Escalation | fuzzsqlb0f | Low | 2021-09-13 |
| Mattermost Server OAuth flow Cross-Site Scripting | Cross-site Scripting (XSS) - Reflected | shielder | High | 2021-08-06 |
| Persistent arbitrary code execution in Mattermost Android | Code Injection | hulkvision_ | High | 2021-06-03 |
| [mattermost.com] CORS misconfiguration leaks admin users | Information Disclosure | deb0con | No rating | 2021-03-19 |