Lucene search
K

67 matches found

Cvelist
Cvelist
added 2026/06/26 2:44 p.m.37 views

CVE-2026-4339 SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:44 p.m.27 views

CVE-2026-4339

Mattermost CPT: CVE-2026-4339 affects Mattermost versions 10.11.x up to 10.11.18, 11.6.x up to 11.6.3, and 11.5.x up to 11.5.6. The vulnerability arises from the Agents plugin MCP server failing to validate attachment URLs against internal/private IP ranges, enabling an attacker with MCP stdio ac...

6.5CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 2:43 p.m.33 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/12 12:25 a.m.5 views

SUSE CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/26 10:55 p.m.5 views

CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 6:32 p.m.6 views

EUVD-2025-198045

Mattermost allows other users to determine when users had read channels via channel member objects...

3CVSS6.3AI score0.00148EPSS
Exploits0References7
Snyk
Snyk
added 2025/11/18 6:32 p.m.3 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the Agents plugin process. An attacker can access information about when users have read channels by querying channel member objects. Remediation Upgrade...

3.5CVSS6.6AI score0.00148EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/18 6:32 p.m.16 views

Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2025/11/18 6:32 p.m.6 views

GHSA-9HH7-6558-QFP2 Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x = 10.11.3, and 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3CVSS6.4AI score0.00148EPSS
Exploits0References9
NVD
NVD
added 2025/11/18 4:15 p.m.8 views

CVE-2025-55074

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3.5CVSS0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 3:23 p.m.2 views

CVE-2025-55074 Channel member objects leak read status

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3CVSS6.4AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 3:23 p.m.20 views

CVE-2025-55074

Mattermost server (versions 10.11.x <= 10.11.3 and 10.5.x

3.5CVSS6.4AI score0.00148EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/18 3:23 p.m.4 views

CVE-2025-55074 Channel member objects leak read status

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3CVSS6AI score0.00148EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 3:23 p.m.12 views

CVE-2025-55074 Channel member objects leak read status

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

3CVSS0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.13 views

PT-2025-47329

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Description The Mattermost application does not properly enforce access permissions within the Agents plugin. This allows other users to determine when user...

3.5CVSS6.5AI score0.00148EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25431

Malicious code in bioql PyPI...

3.5CVSS6.3AI score0.00174EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2189

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00998EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4585

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00818EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1608

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00503EPSS
Exploits0References2
OSV
OSV
added 2025/08/29 2:52 p.m.4 views

GO-2025-3906 Mattermost Server SSRF Vulnerability via the Agents Plugin in github.com/mattermost/mattermost-server

Mattermost Server SSRF Vulnerability via the Agents Plugin in github.com/mattermost/mattermost-server...

3.5CVSS7AI score0.00174EPSS
Exploits0References3
Rows per page
Query Builder