Mattermost Mattermost_mobile
20 CVEs affecting Mattermost Mattermost_mobile. Latest disclosed: 2025-11-13. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-20852 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message cont… |
| CVE-2020-14451 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMS… |
| CVE-2020-14449 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018. |
| CVE-2019-20848 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. |
| CVE-2025-1558 | Medium | 6.5 | 2025-03-24 | Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application… |
| CVE-2025-20630 | Medium | 6.5 | 2025-01-16 | Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker… |
| CVE-2025-20072 | Medium | 6.5 | 2025-01-16 | Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an atta… |
| CVE-2025-21083 | Medium | 6.5 | 2025-01-15 | Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. |
| CVE-2025-20036 | Medium | 6.5 | 2025-01-15 | Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. |
| CVE-2025-59480 | Medium | 6.1 | 2025-11-13 | Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instanc… |
| CVE-2024-11358 | Medium | 5.7 | 2024-12-16 | Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file… |
| CVE-2019-20850 | Medium | 5.3 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. |
| CVE-2019-20849 | Medium | 5.3 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. |
| CVE-2024-45833 | Medium | 4.5 | 2024-09-16 | Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the… |
| CVE-2025-0476 | Medium | 4.3 | 2025-01-16 | Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any u… |
| CVE-2024-39767 | Medium | 4.2 | 2024-07-15 | Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this server, which allows a m… |
| CVE-2024-24975 | Low | 3.5 | 2024-03-15 | Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax hi… |
| CVE-2024-3872 | Low | 3.1 | 2024-04-16 | Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticat… |
| CVE-2024-32945 | Low | 2.6 | 2024-07-15 | Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a… |
| CVE-2025-30516 | Low | 2.0 | 2025-04-14 | Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized use… |