CVE-2025-24920
- EPSS 0.06%
- Published 21.03.2025 08:25:44
- Last modified 27.03.2025 14:10:53
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels.
CVE-2025-30179
- EPSS 0.05%
- Published 21.03.2025 08:24:57
- Last modified 27.03.2025 14:45:47
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries.
CVE-2025-25274
- EPSS 0.09%
- Published 21.03.2025 08:24:13
- Last modified 27.03.2025 15:01:59
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.
CVE-2025-27933
- EPSS 0.05%
- Published 21.03.2025 08:23:20
- Last modified 27.03.2025 14:55:25
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public.
CVE-2025-27715
- EPSS 0.04%
- Published 21.03.2025 08:22:25
- Last modified 27.03.2025 15:01:03
Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which allows team admins to be joined to private channels via crafted permalink links without their explicit consent.
CVE-2025-1472
- EPSS 0.05%
- Published 19.03.2025 14:11:03
- Last modified 01.10.2025 18:05:48
Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role, which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics.
CVE-2025-1398
- EPSS 0.02%
- Published 17.03.2025 14:19:51
- Last modified 25.09.2025 19:14:25
Mattermost Desktop App versions <= 5.10.0 explicitly declared unnecessary macOS entitlements, which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.
CVE-2025-20051
- EPSS 0.14%
- Published 24.02.2025 08:15:10
- Last modified 18.08.2025 18:22:38
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially...
CVE-2025-24490
- EPSS 0.11%
- Published 24.02.2025 08:15:10
- Last modified 01.10.2025 18:03:04
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards reordering, which allows an attacker to retrieve data from the database via a SQL injection when reo...
CVE-2025-24526
- EPSS 0.06%
- Published 24.02.2025 08:15:10
- Last modified 01.10.2025 18:03:20
Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" setting is disabled, which allows a user to expo...