3 matches found
GHSA-X274-8QFC-HRGF Mattermost MS Teams plugin doesn't limit the request body size on the /lifecycle webhook endpoint
Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...
CVE-2026-24661
Mattermost Plugins
Mattermost Plugin MSTeams 安全漏洞
Mattermost Plugin MSTeams is a Mattermost plugin from Mattermost USA. A security vulnerability exists in Mattermost Plugin MSTeams versions prior to 2.1.0, which stems from a webhook key comparison that does not use a constant time algorithm, which could lead to a key disclosure...