Mattermost

Mattermost

317 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.18%
  • Veröffentlicht 25.03.2026 16:28:29
  • Zuletzt bearbeitet 26.03.2026 18:51:38

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID {{IsSameUser()}} comparison logic, which allows an attacker to take over arbitrary user accounts via a...

  • EPSS 0.31%
  • Veröffentlicht 25.03.2026 16:24:47
  • Zuletzt bearbeitet 26.03.2026 18:52:31

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service (server crash and restart) via HTTP/2 single pack...

  • EPSS 0.2%
  • Veröffentlicht 16.03.2026 20:24:05
  • Zuletzt bearbeitet 18.03.2026 13:56:22

Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or ...

  • EPSS 0.16%
  • Veröffentlicht 16.03.2026 20:19:51
  • Zuletzt bearbeitet 18.03.2026 13:56:13

Mattermost versions 10.11.x <= 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531

  • EPSS 0.27%
  • Veröffentlicht 16.03.2026 20:10:16
  • Zuletzt bearbeitet 18.03.2026 13:56:03

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket m...

  • EPSS 0.16%
  • Veröffentlicht 16.03.2026 19:53:21
  • Zuletzt bearbeitet 18.03.2026 13:56:31

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify run_create permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542

  • EPSS 0.17%
  • Veröffentlicht 16.03.2026 14:56:45
  • Zuletzt bearbeitet 18.03.2026 13:54:50

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API reque...

  • EPSS 0.15%
  • Veröffentlicht 16.03.2026 14:54:45
  • Zuletzt bearbeitet 18.03.2026 13:54:31

Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different aut...

  • EPSS 0.17%
  • Veröffentlicht 16.03.2026 14:53:31
  • Zuletzt bearbeitet 18.03.2026 13:55:00

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 ...

  • EPSS 0.18%
  • Veröffentlicht 16.03.2026 14:51:43
  • Zuletzt bearbeitet 18.03.2026 13:53:15

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know...