Mattermost

Mattermost Server

422 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.34%
  • Veröffentlicht 26.03.2026 16:19:32
  • Zuletzt bearbeitet 08.06.2026 12:20:59

Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

  • EPSS 0.13%
  • Veröffentlicht 26.03.2026 16:18:06
  • Zuletzt bearbeitet 30.03.2026 19:41:30

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export.. Mattermost A...

  • EPSS 0.27%
  • Veröffentlicht 26.03.2026 16:16:49
  • Zuletzt bearbeitet 30.03.2026 19:45:27

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted...

  • EPSS 0.14%
  • Veröffentlicht 26.03.2026 10:43:24
  • Zuletzt bearbeitet 26.03.2026 18:48:39

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to ...

  • EPSS 0.12%
  • Veröffentlicht 25.03.2026 16:33:32
  • Zuletzt bearbeitet 26.03.2026 18:49:34

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint, which allows an attacker to trick an admin into ...

  • EPSS 0.35%
  • Veröffentlicht 25.03.2026 16:30:47
  • Zuletzt bearbeitet 26.03.2026 18:54:18

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an ...

  • EPSS 0.18%
  • Veröffentlicht 25.03.2026 16:28:29
  • Zuletzt bearbeitet 26.03.2026 18:51:38

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID {{IsSameUser()}} comparison logic, which allows an attacker to take over arbitrary user accounts via a...

  • EPSS 0.31%
  • Veröffentlicht 25.03.2026 16:24:47
  • Zuletzt bearbeitet 26.03.2026 18:52:31

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service (server crash and restart) via HTTP/2 single pack...

  • EPSS 0.2%
  • Veröffentlicht 16.03.2026 20:24:05
  • Zuletzt bearbeitet 18.03.2026 13:56:22

Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or ...

  • EPSS 0.16%
  • Veröffentlicht 16.03.2026 20:19:51
  • Zuletzt bearbeitet 18.03.2026 13:56:13

Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531