Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.7 views

Mattermost doesn't sanitize sensitive configuration fields in the Mattermost Calls plugin

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2026/05/18 8:30 a.m.24 views

CVE-2026-6347

Summary: CVE-2026-6347 affects Mattermost releases 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The vulnerability arises in the Mattermost Calls plugin where sensitive configuration fields are not sanitized. This allows an attacker with access to a support packet to obtai...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/18 8:30 a.m.46 views

CVE-2026-6347 Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:30 a.m.10 views

CVE-2026-6347 Mattermost Calls plugin exposes TURN server credentials in plaintext in support packets

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.13 views

PT-2026-41661

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description The Mattermost Calls plugin fails to sanitize sensitive configuration fields. This allows an attacker...

7.6CVSS5.8AI score0.00256EPSS
Exploits0References10
NVD
NVD
added 2025/12/17 1:15 p.m.8 views

CVE-2025-62190

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

4.3CVSS0.001EPSS
Exploits0References1
OSV
OSV
added 2025/12/17 1:15 p.m.3 views

CVE-2025-62190

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

4.3CVSS6.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.4 views

PT-2025-51826

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

4.3CVSS6.8AI score0.001EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-3066

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00508EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/09 6:55 a.m.18 views

CVE-2025-22445 Misleading UI for undefined admin console settings in Calls causes security confusion

Mattermost versions 10.x = 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting...

3.5CVSS6.9AI score0.00312EPSS
Exploits0References1
Rows per page
Query Builder