Mattermost Server

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mattermost:mattermost_server:9.10.0:*:*:*:*:*:*:*

part: a version: 9.10.0 update: *

VendorMattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc)
ProductMattermost Server (657bc445-594e-5ca1-a676-4f18538f1c02)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-43780 vulnerable 2026-06-03 14:56:46.850976 Unauthorized channel file upload
MEDIUM (4.3)
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.
Published: 2024-08-22T15:17:11.947Z
Updated: 2024-08-22T16:06:25.703Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-42497 vulnerable 2026-06-03 14:56:42.757650 Insufficient permissions checks on teams
MEDIUM (6)
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.
Published: 2024-08-22T15:17:11.468Z
Updated: 2024-08-22T15:31:45.824Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-40884 vulnerable 2026-06-03 14:56:33.677053 Unauthorized disabling of invite URL
LOW (2.7)
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.
Published: 2024-08-22T15:17:10.938Z
Updated: 2024-08-22T18:08:37.730Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.