Mattermost

Mattermost Server

422 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.11%
  • Veröffentlicht 18.05.2026 08:05:30
  • Zuletzt bearbeitet 18.05.2026 19:11:13

Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient conse...

  • EPSS 0.24%
  • Veröffentlicht 18.05.2026 07:08:56
  • Zuletzt bearbeitet 19.05.2026 17:21:26

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a speci...

  • EPSS 0.15%
  • Veröffentlicht 18.05.2026 07:05:03
  • Zuletzt bearbeitet 29.05.2026 19:11:51

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via di...

  • EPSS 0.15%
  • Veröffentlicht 18.05.2026 07:00:24
  • Zuletzt bearbeitet 29.05.2026 19:11:57

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whi...

  • EPSS 0.14%
  • Veröffentlicht 18.05.2026 06:58:29
  • Zuletzt bearbeitet 19.05.2026 17:37:07

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious ...

  • EPSS 0.14%
  • Veröffentlicht 18.05.2026 06:56:11
  • Zuletzt bearbeitet 19.05.2026 17:23:36

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and re...

  • EPSS 0.15%
  • Veröffentlicht 18.05.2026 06:53:29
  • Zuletzt bearbeitet 19.05.2026 17:34:01

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing p...

  • EPSS 0.24%
  • Veröffentlicht 18.05.2026 06:51:47
  • Zuletzt bearbeitet 18.05.2026 19:17:11

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a c...

  • EPSS 0.15%
  • Veröffentlicht 18.05.2026 06:50:07
  • Zuletzt bearbeitet 18.05.2026 19:17:19

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious r...

  • EPSS 0.12%
  • Veröffentlicht 18.05.2026 06:33:56
  • Zuletzt bearbeitet 29.05.2026 19:11:30

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different clien...