Mattermost

Mattermost Server

422 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.31%
  • Veröffentlicht 16.10.2025 08:24:25
  • Zuletzt bearbeitet 21.10.2025 18:02:51

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/m...

  • EPSS 0.31%
  • Veröffentlicht 16.10.2025 08:20:06
  • Zuletzt bearbeitet 21.10.2025 17:49:14

Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless ...

  • EPSS 0.25%
  • Veröffentlicht 16.10.2025 08:17:20
  • Zuletzt bearbeitet 21.10.2025 17:58:02

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on...

  • EPSS 0.29%
  • Veröffentlicht 16.10.2025 08:15:35
  • Zuletzt bearbeitet 29.10.2025 08:15:30

Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_...

  • EPSS 0.25%
  • Veröffentlicht 19.09.2025 19:36:14
  • Zuletzt bearbeitet 25.09.2025 20:14:59

Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration

  • EPSS 0.6%
  • Veröffentlicht 19.09.2025 19:22:00
  • Zuletzt bearbeitet 25.09.2025 20:16:04

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to pre...

  • EPSS 0.16%
  • Veröffentlicht 15.09.2025 10:28:17
  • Zuletzt bearbeitet 16.09.2025 16:00:26

Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cook...

  • EPSS 0.16%
  • Veröffentlicht 15.09.2025 10:22:30
  • Zuletzt bearbeitet 16.09.2025 15:59:24

Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs

  • EPSS 0.24%
  • Veröffentlicht 15.09.2025 10:15:32
  • Zuletzt bearbeitet 20.09.2025 02:52:38

Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This...

  • EPSS 0.14%
  • Veröffentlicht 15.09.2025 10:15:32
  • Zuletzt bearbeitet 16.09.2025 15:58:12

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previ...