157 matches found
CVE-2026-22880
Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...
CVE-2026-22880 Mobile SSO authentication flow allows credential theft via malicious server
Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...
EUVD-2026-31250
Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...
PT-2026-42432
Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...
Mattermost Mobile Apps Cross-Site Request Forgery Vulnerability
Mattermost Mobile Apps is a messaging mobile application developed by the American company Mattermost. Versions of Mattermost Mobile Apps prior to 2.0.37, 11.0.4 and earlier, 11.1.3 and earlier, 11.3.2 and earlier, as well as 10.11.11.0 and earlier, contain a cross-site request forgery...
CVE-2019-20849
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...
CVE-2019-20852
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information, e.g., server addresses or message content...
CVE-2019-20848
An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies...
CVE-2019-20851
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device...
CVE-2025-1558
Mattermost Mobile Apps versions =2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF...
CVE-2025-59480
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...
CVE-2025-59480
Mattermost Mobile Apps (Android/iOS) versions up to and including 2.32.0 are affected by an insufficient verification of SSO redirect tokens. The root cause is failure to verify that SSO tokens originate from a trusted server, enabling a malicious Mattermost instance or an on-path attacker to obt...
CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...
PT-2025-46874
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions prior to 2.32.0. Description: The Mattermost Mobile Apps do not properly validate Single Sign-On (SSO) redirect tokens to ensure they come from a trusted server. This allows a malicious Mattermost instance or an...
Mattermost Mobile Apps Security Vulnerability
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps version 2.32.0 and prior versions, which stems from an unverified SSO redirect token source that could lead to obtaining user session credentials...
EUVD-2020-6099
Malware in sbrugna...