GCVE - cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:iphone_os:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:iphone_os:*:*

part: a version: * update: *

Vendor	Mattermost (`ed0788ef-af60-58f1-b6aa-68289d9946dc`)
Product	Mattermost (`fd9a4a2e-f26d-5cef-a4c3-f85b0b13d8ea`)
Edition	*
Language	*
Software edition	*
Target software	iphone_os
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/mattermost/mattermost-server`	purl2cpe	2026-06-01 10:18:19.731269

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-7114`	vulnerable	2026-06-03 14:54:00.001898	Details available HIGH (7.1) Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. Published: 2023-12-29T12:46:22.501Z Updated: 2024-09-09T17:28:54.020Z Open on db.gcve.eu Reference links https://mattermost.com/security-updates	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5522`	vulnerable	2026-06-03 14:53:48.901844	Mobile app freezes when receiving a post with hundreds of emojis MEDIUM (4.3) Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. Published: 2023-10-17T09:41:14.833Z Updated: 2024-09-05T19:58:49.574Z Open on db.gcve.eu Reference links https://mattermost.com/security-updates	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3615`	vulnerable	2026-06-03 14:52:41.321180	Lack of server certificate validation in websockets connection HIGH (8.1) Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. Published: 2023-07-17T15:33:25.752Z Updated: 2024-10-30T15:21:49.715Z Open on db.gcve.eu Reference links https://mattermost.com/security-updates	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13891`	vulnerable	2026-06-03 14:41:37.296361	Details available An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. Published: 2020-06-26T16:14:29.000Z Updated: 2024-08-04T12:32:14.331Z Open on db.gcve.eu Reference links https://mattermost.com/security-updates/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-20851`	vulnerable	2026-06-03 14:40:17.741345	Details available An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. Published: 2020-06-19T14:02:54.000Z Updated: 2024-08-05T02:53:09.404Z Open on db.gcve.eu Reference links https://mattermost.com/security-updates/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.