Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.19%
  • Veröffentlicht 11.06.2025 10:25:04
  • Zuletzt bearbeitet 08.07.2025 19:42:06

Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api...

  • EPSS 0.24%
  • Veröffentlicht 11.06.2025 10:22:24
  • Zuletzt bearbeitet 08.07.2025 17:59:16

Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to e...

  • EPSS 0.19%
  • Veröffentlicht 30.05.2025 14:22:09
  • Zuletzt bearbeitet 15.10.2025 14:16:49

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access tok...

  • EPSS 0.19%
  • Veröffentlicht 30.05.2025 14:22:09
  • Zuletzt bearbeitet 08.07.2025 17:11:34

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not...

  • EPSS 0.21%
  • Veröffentlicht 30.05.2025 14:22:08
  • Zuletzt bearbeitet 15.10.2025 14:15:03

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public chann...

  • EPSS 0.18%
  • Veröffentlicht 30.05.2025 14:22:08
  • Zuletzt bearbeitet 15.10.2025 14:15:37

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the G...

  • EPSS 0.27%
  • Veröffentlicht 29.05.2025 15:10:36
  • Zuletzt bearbeitet 03.10.2025 14:02:57

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and mod...

  • EPSS 0.28%
  • Veröffentlicht 15.05.2025 15:27:50
  • Zuletzt bearbeitet 06.10.2025 15:22:43

Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true ...

  • EPSS 0.26%
  • Veröffentlicht 15.05.2025 15:27:49
  • Zuletzt bearbeitet 22.08.2025 20:21:35

Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.

  • EPSS 0.2%
  • Veröffentlicht 15.05.2025 10:43:46
  • Zuletzt bearbeitet 29.09.2025 21:05:33

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that...