Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.51%
  • Veröffentlicht 06.11.2023 16:15:42
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin

  • EPSS 0.51%
  • Veröffentlicht 06.11.2023 16:15:42
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 

  • EPSS 0.53%
  • Veröffentlicht 06.11.2023 16:15:42
  • Zuletzt bearbeitet 21.11.2024 08:42:53

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.

  • EPSS 0.38%
  • Veröffentlicht 17.10.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:56

Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. 

  • EPSS 0.36%
  • Veröffentlicht 02.10.2023 11:15:50
  • Zuletzt bearbeitet 21.11.2024 08:41:12

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled

  • EPSS 0.37%
  • Veröffentlicht 29.09.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:12

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.

  • EPSS 0.47%
  • Veröffentlicht 29.09.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:16

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.

  • EPSS 0.34%
  • Veröffentlicht 29.09.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:16

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager

  • EPSS 0.42%
  • Veröffentlicht 29.09.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:16

Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of

  • EPSS 0.56%
  • Veröffentlicht 29.09.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:16

Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becomi...