Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.1%
  • Veröffentlicht 26.06.2026 14:44:58
  • Zuletzt bearbeitet 29.06.2026 19:26:34

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in st...

  • EPSS 0.33%
  • Veröffentlicht 26.06.2026 14:43:51
  • Zuletzt bearbeitet 26.06.2026 16:16:37

Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI A...

  • EPSS 0.19%
  • Veröffentlicht 26.06.2026 14:42:24
  • Zuletzt bearbeitet 29.06.2026 19:27:20

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled ...

  • EPSS 0.23%
  • Veröffentlicht 22.06.2026 13:41:28
  • Zuletzt bearbeitet 26.06.2026 16:39:58

Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisor...

  • EPSS 0.15%
  • Veröffentlicht 22.06.2026 13:40:07
  • Zuletzt bearbeitet 23.06.2026 20:50:26

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from cha...

  • EPSS 0.18%
  • Veröffentlicht 22.06.2026 13:38:56
  • Zuletzt bearbeitet 23.06.2026 20:49:21

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira i...

  • EPSS 0.19%
  • Veröffentlicht 22.06.2026 13:37:44
  • Zuletzt bearbeitet 23.06.2026 20:48:34

Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot ac...

  • EPSS 0.2%
  • Veröffentlicht 22.06.2026 13:36:43
  • Zuletzt bearbeitet 23.06.2026 20:47:36

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSo...

  • EPSS 0.17%
  • Veröffentlicht 22.06.2026 13:34:21
  • Zuletzt bearbeitet 23.06.2026 20:50:51

Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab connect}} command handler, which allows any authenticate...

  • EPSS 0.2%
  • Veröffentlicht 15.06.2026 14:06:21
  • Zuletzt bearbeitet 16.06.2026 17:18:55

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a ver...