Mattermost

Mattermost Server

422 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.27%
  • Veröffentlicht 16.03.2026 20:10:16
  • Zuletzt bearbeitet 18.03.2026 13:56:03

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket m...

  • EPSS 0.16%
  • Veröffentlicht 16.03.2026 19:53:21
  • Zuletzt bearbeitet 18.03.2026 13:56:31

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542

  • EPSS 0.17%
  • Veröffentlicht 16.03.2026 14:56:45
  • Zuletzt bearbeitet 18.03.2026 13:54:50

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API reque...

  • EPSS 0.15%
  • Veröffentlicht 16.03.2026 14:54:45
  • Zuletzt bearbeitet 18.03.2026 13:54:31

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different aut...

  • EPSS 0.17%
  • Veröffentlicht 16.03.2026 14:53:31
  • Zuletzt bearbeitet 18.03.2026 13:55:00

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 ...

  • EPSS 0.18%
  • Veröffentlicht 16.03.2026 14:51:43
  • Zuletzt bearbeitet 18.03.2026 13:53:15

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know...

  • EPSS 0.27%
  • Veröffentlicht 16.03.2026 12:59:13
  • Zuletzt bearbeitet 18.03.2026 18:13:33

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a speci...

  • EPSS 0.22%
  • Veröffentlicht 16.03.2026 12:07:14
  • Zuletzt bearbeitet 18.03.2026 17:41:56

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to validate team-specific upload_file permissions which allows a guest user to post files in channels where they lack upload_file permission via uploading files in a tea...

  • EPSS 0.29%
  • Veröffentlicht 16.03.2026 12:04:18
  • Zuletzt bearbeitet 18.03.2026 18:11:16

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advis...

  • EPSS 0.26%
  • Veröffentlicht 16.03.2026 12:02:23
  • Zuletzt bearbeitet 18.03.2026 18:14:11

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Matter...