Mattermost

Mattermost Server

422 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.17%
  • Veröffentlicht 15.05.2026 18:42:47
  • Zuletzt bearbeitet 18.05.2026 18:37:37

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via...

  • EPSS 0.24%
  • Veröffentlicht 15.05.2026 18:32:44
  • Zuletzt bearbeitet 18.05.2026 18:36:00

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under ...

  • EPSS 0.15%
  • Veröffentlicht 15.04.2026 11:00:14
  • Zuletzt bearbeitet 22.04.2026 19:41:52

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple i...

  • EPSS 0.13%
  • Veröffentlicht 15.04.2026 10:13:33
  • Zuletzt bearbeitet 22.04.2026 19:42:25

Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a...

  • EPSS 0.17%
  • Veröffentlicht 15.04.2026 10:11:07
  • Zuletzt bearbeitet 22.04.2026 19:43:52

Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of ...

  • EPSS 0.31%
  • Veröffentlicht 09.04.2026 10:09:23
  • Zuletzt bearbeitet 25.04.2026 18:02:06

Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost A...

  • EPSS 0.42%
  • Veröffentlicht 26.03.2026 16:29:54
  • Zuletzt bearbeitet 30.03.2026 19:42:39

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON config...

  • EPSS 0.29%
  • Veröffentlicht 26.03.2026 16:28:07
  • Zuletzt bearbeitet 08.06.2026 12:24:28

Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584

  • EPSS 0.23%
  • Veröffentlicht 26.03.2026 16:23:05
  • Zuletzt bearbeitet 30.03.2026 19:40:01

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibil...

  • EPSS 0.34%
  • Veröffentlicht 26.03.2026 16:21:19
  • Zuletzt bearbeitet 30.03.2026 19:40:45

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed archive entry sizes during file extraction which allows authenticated users with file upload permissions to cause a denial of ...