Mattermost

Mattermost

214 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-0476

  • EPSS 0.31%
  • Veröffentlicht 16.01.2025 00:15:25
  • Zuletzt bearbeitet 24.09.2025 16:47:36

Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment

6.5

CVE-2025-20086

  • EPSS 0.3%
  • Veröffentlicht 15.01.2025 17:15:19
  • Zuletzt bearbeitet 30.09.2025 15:51:23

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

6.5

CVE-2025-20088

  • EPSS 0.3%
  • Veröffentlicht 15.01.2025 17:15:19
  • Zuletzt bearbeitet 01.10.2025 18:20:36

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

6.5

CVE-2025-21083

  • EPSS 0.16%
  • Veröffentlicht 15.01.2025 17:15:19
  • Zuletzt bearbeitet 25.09.2025 19:14:15

Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

6.5

CVE-2025-20036

  • EPSS 0.16%
  • Veröffentlicht 15.01.2025 17:15:18
  • Zuletzt bearbeitet 25.09.2025 19:14:06

Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

6.5

CVE-2025-21088

  • EPSS 0.26%
  • Veröffentlicht 15.01.2025 16:15:32
  • Zuletzt bearbeitet 30.09.2025 15:52:59

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafte...

6.5

CVE-2025-20033

  • EPSS 0.26%
  • Veröffentlicht 09.01.2025 07:15:28
  • Zuletzt bearbeitet 02.10.2025 17:26:14

Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_...

5.3

CVE-2025-22445

  • EPSS 0.12%
  • Veröffentlicht 09.01.2025 07:15:28
  • Zuletzt bearbeitet 02.10.2025 17:25:07

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.

3.8

CVE-2025-22449

  • EPSS 0.1%
  • Veröffentlicht 09.01.2025 07:15:28
  • Zuletzt bearbeitet 29.09.2025 17:44:58

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.

5.5

CVE-2024-11358

  • EPSS 0.05%
  • Veröffentlicht 16.12.2024 17:15:07
  • Zuletzt bearbeitet 24.09.2025 19:39:33

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.