Mattermost

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:android:*:*

part: a version: * update: *

VendorMattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc)
ProductMattermost (fd9a4a2e-f26d-5cef-a4c3-f85b0b13d8ea)
Edition*
Language*
Software edition*
Target softwareandroid
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/mattermost/mattermost-server purl2cpe 2026-06-01 10:18:19.730057

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-7114 vulnerable 2026-06-03 14:54:00.001329 Details available
HIGH (7.1)
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
Published: 2023-12-29T12:46:22.501Z
Updated: 2024-09-09T17:28:54.020Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5522 vulnerable 2026-06-03 14:53:48.901257 Mobile app freezes when receiving a post with hundreds of emojis
MEDIUM (4.3)
Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. 
Published: 2023-10-17T09:41:14.833Z
Updated: 2024-09-05T19:58:49.574Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-20851 vulnerable 2026-06-03 14:40:17.740780 Details available
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
Published: 2020-06-19T14:02:54.000Z
Updated: 2024-08-05T02:53:09.404Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.