Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.52%
  • Veröffentlicht 11.08.2023 07:15:10
  • Zuletzt bearbeitet 21.11.2024 08:34:24

Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged

  • EPSS 0.33%
  • Veröffentlicht 11.08.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:24

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message

  • EPSS 0.31%
  • Veröffentlicht 11.08.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:24

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

  • EPSS 0.42%
  • Veröffentlicht 11.08.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 08:34:24

Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

  • EPSS 0.29%
  • Veröffentlicht 17.07.2023 16:15:11
  • Zuletzt bearbeitet 21.11.2024 08:17:40

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.

  • EPSS 0.6%
  • Veröffentlicht 16.06.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:17

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service

  • EPSS 0.62%
  • Veröffentlicht 16.06.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:17

Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.

  • EPSS 0.56%
  • Veröffentlicht 16.06.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:18

Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.

  • EPSS 0.47%
  • Veröffentlicht 16.06.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:18

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.

  • EPSS 0.68%
  • Veröffentlicht 16.06.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:59:22

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.