Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.34%
  • Veröffentlicht 03.07.2024 09:15:06
  • Zuletzt bearbeitet 21.11.2024 09:27:31

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.

  • EPSS 0.28%
  • Veröffentlicht 03.07.2024 09:15:06
  • Zuletzt bearbeitet 21.11.2024 09:27:32

Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a use...

  • EPSS 0.18%
  • Veröffentlicht 26.05.2024 14:15:10
  • Zuletzt bearbeitet 30.09.2025 15:29:54

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post...

  • EPSS 0.27%
  • Veröffentlicht 26.05.2024 14:15:10
  • Zuletzt bearbeitet 30.09.2025 15:47:34

Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentic...

  • EPSS 0.28%
  • Veröffentlicht 26.05.2024 14:15:10
  • Zuletzt bearbeitet 30.09.2025 15:48:21

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the...

  • EPSS 0.23%
  • Veröffentlicht 26.05.2024 14:15:09
  • Zuletzt bearbeitet 30.09.2025 15:24:46

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were...

  • EPSS 0.3%
  • Veröffentlicht 26.05.2024 14:15:09
  • Zuletzt bearbeitet 30.09.2025 15:26:42

Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 fail to perform a proper authorization check in the /api/v4/groups/<group-id>/channels/<channel-id>/link endpoint which allows a user to learn the members of an AD/LDAP group that...

  • EPSS 0.26%
  • Veröffentlicht 26.05.2024 14:15:09
  • Zuletzt bearbeitet 30.09.2025 15:27:40

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper access control which allows a guest to get the metadata of a public playbook run that linked to the channel they are guest via sending an RHSRuns GraphQL qu...

  • EPSS 0.26%
  • Veröffentlicht 26.05.2024 14:15:09
  • Zuletzt bearbeitet 30.09.2025 15:28:53

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command

  • EPSS 0.24%
  • Veröffentlicht 26.05.2024 14:15:08
  • Zuletzt bearbeitet 08.07.2025 18:02:30

Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and ...