Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.19%
  • Veröffentlicht 21.08.2025 07:15:27
  • Zuletzt bearbeitet 22.08.2025 18:09:17

Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts

  • EPSS 0.46%
  • Veröffentlicht 21.08.2025 07:11:43
  • Zuletzt bearbeitet 22.08.2025 18:09:17

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path trave...

  • EPSS 0.18%
  • Veröffentlicht 18.07.2025 11:39:46
  • Zuletzt bearbeitet 14.10.2025 14:32:24

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the in...

  • EPSS 0.38%
  • Veröffentlicht 18.07.2025 09:09:22
  • Zuletzt bearbeitet 02.10.2025 19:49:31

Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal.

  • EPSS 0.31%
  • Veröffentlicht 18.07.2025 08:48:02
  • Zuletzt bearbeitet 02.10.2025 19:49:18

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't hav...

  • EPSS 0.18%
  • Veröffentlicht 30.06.2025 16:51:13
  • Zuletzt bearbeitet 08.07.2025 14:11:52

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users wi...

  • EPSS 0.17%
  • Veröffentlicht 30.06.2025 16:51:13
  • Zuletzt bearbeitet 08.07.2025 14:11:33

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members bu...

  • EPSS 0.25%
  • Veröffentlicht 20.06.2025 14:31:49
  • Zuletzt bearbeitet 08.07.2025 14:30:48

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

  • EPSS 0.21%
  • Veröffentlicht 20.06.2025 14:31:48
  • Zuletzt bearbeitet 08.07.2025 14:31:06

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Me...

  • EPSS 0.7%
  • Veröffentlicht 20.06.2025 10:27:13
  • Zuletzt bearbeitet 08.07.2025 17:59:42

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem...