Mattermost Mattermost_mobile

20 CVEs affecting Mattermost Mattermost_mobile. Latest disclosed: 2025-11-13. Critical: 0, High: 4.

Top CVEs affecting Mattermost Mattermost_mobile
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-20852 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message cont… |
| CVE-2020-14451 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMS… |
| CVE-2020-14449 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018. |
| CVE-2019-20848 | High | 7.5 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. |
| CVE-2025-1558 | Medium | 6.5 | 2025-03-24 | Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application… |
| CVE-2025-20630 | Medium | 6.5 | 2025-01-16 | Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker… |
| CVE-2025-20072 | Medium | 6.5 | 2025-01-16 | Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an atta… |
| CVE-2025-21083 | Medium | 6.5 | 2025-01-15 | Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. |
| CVE-2025-20036 | Medium | 6.5 | 2025-01-15 | Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. |
| CVE-2025-59480 | Medium | 6.1 | 2025-11-13 | Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instanc… |
| CVE-2024-11358 | Medium | 5.7 | 2024-12-16 | Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file… |
| CVE-2019-20850 | Medium | 5.3 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. |
| CVE-2019-20849 | Medium | 5.3 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. |
| CVE-2024-45833 | Medium | 4.5 | 2024-09-16 | Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the… |
| CVE-2025-0476 | Medium | 4.3 | 2025-01-16 | Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any u… |
| CVE-2024-39767 | Medium | 4.2 | 2024-07-15 | Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this server, which allows a m… |
| CVE-2024-24975 | Low | 3.5 | 2024-03-15 | Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax hi… |
| CVE-2024-3872 | Low | 3.1 | 2024-04-16 | Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticat… |
| CVE-2024-32945 | Low | 2.6 | 2024-07-15 | Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a… |
| CVE-2025-30516 | Low | 2.0 | 2025-04-14 | Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized use… |