Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.17%
  • Veröffentlicht 16.02.2026 09:47:45
  • Zuletzt bearbeitet 18.02.2026 20:20:07

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Adviso...

  • EPSS 0.2%
  • Veröffentlicht 13.02.2026 10:30:03
  • Zuletzt bearbeitet 23.02.2026 15:53:11

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoin...

  • EPSS 0.24%
  • Veröffentlicht 13.02.2026 10:29:00
  • Zuletzt bearbeitet 18.02.2026 21:34:16

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content a...

  • EPSS 0.27%
  • Veröffentlicht 16.01.2026 11:25:35
  • Zuletzt bearbeitet 20.01.2026 15:06:30

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

  • EPSS 0.32%
  • Veröffentlicht 16.01.2026 08:52:43
  • Zuletzt bearbeitet 20.01.2026 15:11:19

Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens

  • EPSS 0.15%
  • Veröffentlicht 24.12.2025 08:15:46
  • Zuletzt bearbeitet 31.12.2025 18:55:29

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jir...

  • EPSS 0.17%
  • Veröffentlicht 24.12.2025 08:15:45
  • Zuletzt bearbeitet 31.12.2025 18:56:27

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to...

  • EPSS 0.23%
  • Veröffentlicht 22.12.2025 11:24:55
  • Zuletzt bearbeitet 29.12.2025 18:47:45

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin,...

  • EPSS 0.09%
  • Veröffentlicht 17.12.2025 18:14:14
  • Zuletzt bearbeitet 18.12.2025 19:47:06

Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.

  • EPSS 0.17%
  • Veröffentlicht 17.12.2025 18:14:13
  • Zuletzt bearbeitet 29.12.2025 18:46:13

Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy (version 1) protocol or when the confirming party does not provide a refreshed token, which allows an a...