Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.42%
  • Veröffentlicht 26.03.2026 16:29:54
  • Zuletzt bearbeitet 30.03.2026 19:42:39

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON config...

  • EPSS 0.29%
  • Veröffentlicht 26.03.2026 16:28:07
  • Zuletzt bearbeitet 08.06.2026 12:24:28

Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584

  • EPSS 0.23%
  • Veröffentlicht 26.03.2026 16:23:05
  • Zuletzt bearbeitet 30.03.2026 19:40:01

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibil...

  • EPSS 0.34%
  • Veröffentlicht 26.03.2026 16:21:19
  • Zuletzt bearbeitet 30.03.2026 19:40:45

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate decompressed archive entry sizes during file extraction which allows authenticated users with file upload permissions to cause a denial of ...

  • EPSS 0.34%
  • Veröffentlicht 26.03.2026 16:19:32
  • Zuletzt bearbeitet 08.06.2026 12:20:59

Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589

  • EPSS 0.13%
  • Veröffentlicht 26.03.2026 16:18:06
  • Zuletzt bearbeitet 30.03.2026 19:41:30

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export.. Mattermost A...

  • EPSS 0.27%
  • Veröffentlicht 26.03.2026 16:16:49
  • Zuletzt bearbeitet 30.03.2026 19:45:27

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted...

  • EPSS 0.14%
  • Veröffentlicht 26.03.2026 10:43:24
  • Zuletzt bearbeitet 26.03.2026 18:48:39

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a malicious remote cluster to grant a user access to ...

  • EPSS 0.12%
  • Veröffentlicht 25.03.2026 16:33:32
  • Zuletzt bearbeitet 26.03.2026 18:49:34

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint, which allows an attacker to trick an admin into ...

  • EPSS 0.35%
  • Veröffentlicht 25.03.2026 16:30:47
  • Zuletzt bearbeitet 26.03.2026 18:54:18

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an ...