Mattermost

Mattermost Server

422 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.16%
  • Veröffentlicht 16.02.2026 12:05:33
  • Zuletzt bearbeitet 18.02.2026 20:19:20

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting...

  • EPSS 0.15%
  • Veröffentlicht 16.02.2026 10:16:07
  • Zuletzt bearbeitet 18.02.2026 20:23:34

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in us...

  • EPSS 0.15%
  • Veröffentlicht 16.02.2026 10:16:07
  • Zuletzt bearbeitet 18.02.2026 20:22:51

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint which allows unauthorized users to start Zoom...

  • EPSS 0.17%
  • Veröffentlicht 16.02.2026 09:47:45
  • Zuletzt bearbeitet 18.02.2026 20:20:07

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Adviso...

  • EPSS 0.2%
  • Veröffentlicht 13.02.2026 10:30:03
  • Zuletzt bearbeitet 23.02.2026 15:53:11

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoin...

  • EPSS 0.24%
  • Veröffentlicht 13.02.2026 10:29:00
  • Zuletzt bearbeitet 18.02.2026 21:34:16

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content a...

  • EPSS 0.27%
  • Veröffentlicht 16.01.2026 11:25:35
  • Zuletzt bearbeitet 20.01.2026 15:06:30

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

  • EPSS 0.32%
  • Veröffentlicht 16.01.2026 08:52:43
  • Zuletzt bearbeitet 20.01.2026 15:11:19

Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens

  • EPSS 0.15%
  • Veröffentlicht 24.12.2025 08:15:46
  • Zuletzt bearbeitet 31.12.2025 18:55:29

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jir...

  • EPSS 0.17%
  • Veröffentlicht 24.12.2025 08:15:45
  • Zuletzt bearbeitet 31.12.2025 18:56:27

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to...