Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.17%
  • Veröffentlicht 16.03.2026 11:13:57
  • Zuletzt bearbeitet 18.03.2026 17:43:26

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs...

  • EPSS 0.18%
  • Veröffentlicht 16.03.2026 11:11:07
  • Zuletzt bearbeitet 20.03.2026 18:29:11

Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-0...

  • EPSS 0.17%
  • Veröffentlicht 16.03.2026 11:06:44
  • Zuletzt bearbeitet 18.03.2026 18:27:57

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of serv...

  • EPSS 0.14%
  • Veröffentlicht 02.03.2026 13:24:21
  • Zuletzt bearbeitet 05.03.2026 16:07:40

Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an...

  • EPSS 0.16%
  • Veröffentlicht 16.02.2026 12:25:32
  • Zuletzt bearbeitet 18.02.2026 20:18:01

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisor...

  • EPSS 0.2%
  • Veröffentlicht 16.02.2026 12:16:21
  • Zuletzt bearbeitet 18.02.2026 21:44:27

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email veri...

Medienbericht
  • EPSS 0.24%
  • Veröffentlicht 16.02.2026 12:10:38
  • Zuletzt bearbeitet 23.03.2026 17:27:17

Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisor...

  • EPSS 0.16%
  • Veröffentlicht 16.02.2026 12:05:33
  • Zuletzt bearbeitet 18.02.2026 20:19:20

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting...

  • EPSS 0.15%
  • Veröffentlicht 16.02.2026 10:16:07
  • Zuletzt bearbeitet 18.02.2026 20:23:34

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate the authenticated user when processing {{/plugins/zoom/api/v1/channel-preference}}, which allows any logged-in us...

  • EPSS 0.15%
  • Veröffentlicht 16.02.2026 10:16:07
  • Zuletzt bearbeitet 18.02.2026 20:22:51

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint which allows unauthorized users to start Zoom...