Mattermost

Mattermost Server

422 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.21%
  • Veröffentlicht 20.06.2025 14:31:48
  • Zuletzt bearbeitet 08.07.2025 14:31:06

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Me...

  • EPSS 0.7%
  • Veröffentlicht 20.06.2025 10:27:13
  • Zuletzt bearbeitet 08.07.2025 17:59:42

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem...

  • EPSS 0.19%
  • Veröffentlicht 11.06.2025 10:25:04
  • Zuletzt bearbeitet 08.07.2025 19:42:06

Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api...

  • EPSS 0.24%
  • Veröffentlicht 11.06.2025 10:22:24
  • Zuletzt bearbeitet 08.07.2025 17:59:16

Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to e...

  • EPSS 0.19%
  • Veröffentlicht 30.05.2025 14:22:09
  • Zuletzt bearbeitet 15.10.2025 14:16:49

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access tok...

  • EPSS 0.19%
  • Veröffentlicht 30.05.2025 14:22:09
  • Zuletzt bearbeitet 08.07.2025 17:11:34

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not...

  • EPSS 0.21%
  • Veröffentlicht 30.05.2025 14:22:08
  • Zuletzt bearbeitet 15.10.2025 14:15:03

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public chann...

  • EPSS 0.18%
  • Veröffentlicht 30.05.2025 14:22:08
  • Zuletzt bearbeitet 15.10.2025 14:15:37

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the G...

  • EPSS 0.27%
  • Veröffentlicht 29.05.2025 15:10:36
  • Zuletzt bearbeitet 03.10.2025 14:02:57

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and mod...

  • EPSS 0.28%
  • Veröffentlicht 15.05.2025 15:27:50
  • Zuletzt bearbeitet 06.10.2025 15:22:43

Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true ...