Mattermost

214 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.13%
  • Published 14.11.2025 08:15:45
  • Last modified 17.11.2025 17:51:05

Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events

  • EPSS 0.04%
  • Published 14.11.2025 08:15:45
  • Last modified 19.11.2025 21:44:28

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams pl...

  • EPSS 0.04%
  • Published 14.11.2025 08:15:43
  • Last modified 17.11.2025 17:52:51

Mattermost versions <11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the `/api/v4/teams/{team_id}/channels/search_archived` endpoint

  • EPSS 0.02%
  • Published 13.11.2025 17:32:04
  • Last modified 21.01.2026 19:37:37

Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses

  • EPSS 0.03%
  • Published 13.11.2025 17:32:03
  • Last modified 17.11.2025 18:05:07

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams...

  • EPSS 0.08%
  • Published 16.10.2025 15:18:25
  • Last modified 29.10.2025 18:31:15

Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the u...

  • EPSS 0.04%
  • Published 16.10.2025 08:44:26
  • Last modified 21.10.2025 17:51:42

Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless ...

  • EPSS 0.01%
  • Published 16.10.2025 08:39:58
  • Last modified 21.10.2025 18:00:54

Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import...

  • EPSS 0.01%
  • Published 16.10.2025 08:24:25
  • Last modified 21.10.2025 18:02:51

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/m...

  • EPSS 0.04%
  • Published 16.10.2025 08:20:06
  • Last modified 21.10.2025 17:49:14

Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacker to join any team on a Mattermost server regardless ...