Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.14%
  • Veröffentlicht 22.05.2026 16:26:04
  • Zuletzt bearbeitet 22.05.2026 16:26:04

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying th...

  • EPSS 0.17%
  • Veröffentlicht 22.05.2026 10:28:47
  • Zuletzt bearbeitet 22.05.2026 10:28:47

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to crash the server via timing the creation of persiste...

  • EPSS 0.15%
  • Veröffentlicht 22.05.2026 10:27:02
  • Zuletzt bearbeitet 22.05.2026 10:27:02

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via cr...

  • EPSS 0.25%
  • Veröffentlicht 22.05.2026 10:25:17
  • Zuletzt bearbeitet 22.05.2026 10:25:17

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request t...

  • EPSS 0.18%
  • Veröffentlicht 22.05.2026 10:23:20
  • Zuletzt bearbeitet 22.05.2026 10:23:20

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team...

  • EPSS 0.33%
  • Veröffentlicht 22.05.2026 10:22:01
  • Zuletzt bearbeitet 22.05.2026 10:22:01

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server proc...

  • EPSS 0.25%
  • Veröffentlicht 22.05.2026 10:20:43
  • Zuletzt bearbeitet 22.05.2026 10:20:43

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests....

  • EPSS 0.25%
  • Veröffentlicht 22.05.2026 10:18:49
  • Zuletzt bearbeitet 22.05.2026 10:18:49

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or po...

  • EPSS 0.12%
  • Veröffentlicht 21.05.2026 08:22:00
  • Zuletzt bearbeitet 21.05.2026 15:26:35

Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a leg...

  • EPSS 0.25%
  • Veröffentlicht 21.05.2026 08:12:11
  • Zuletzt bearbeitet 21.05.2026 19:43:31

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth tok...