Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.19%
  • Veröffentlicht 15.06.2026 13:55:25
  • Zuletzt bearbeitet 16.06.2026 16:54:47

Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other u...

  • EPSS 0.15%
  • Veröffentlicht 12.06.2026 17:16:27
  • Zuletzt bearbeitet 15.06.2026 20:56:44

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation (the check was only applied on update/patch), wh...

  • EPSS 0.26%
  • Veröffentlicht 12.06.2026 17:16:27
  • Zuletzt bearbeitet 15.06.2026 20:56:44

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management per...

  • EPSS 0.29%
  • Veröffentlicht 12.06.2026 17:16:27
  • Zuletzt bearbeitet 15.06.2026 20:56:44

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federat...

  • EPSS 0.26%
  • Veröffentlicht 12.06.2026 17:16:27
  • Zuletzt bearbeitet 15.06.2026 20:56:44

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain remote clus...

  • EPSS 0.3%
  • Veröffentlicht 12.06.2026 17:16:27
  • Zuletzt bearbeitet 15.06.2026 20:56:44

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group syncable link and patch endpoints, which allows a u...

  • EPSS 0.19%
  • Veröffentlicht 12.06.2026 17:16:26
  • Zuletzt bearbeitet 15.06.2026 20:56:44

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private me...

  • EPSS 0.18%
  • Veröffentlicht 12.06.2026 17:16:22
  • Zuletzt bearbeitet 15.06.2026 20:56:44

Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-lev...

  • EPSS 0.3%
  • Veröffentlicht 27.05.2026 15:16:34
  • Zuletzt bearbeitet 02.06.2026 14:29:03

Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary lo...

  • EPSS 0.28%
  • Veröffentlicht 25.05.2026 07:10:23
  • Zuletzt bearbeitet 01.06.2026 17:57:36

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service (se...