5 matches found
CVE-2026-22880 Mobile SSO authentication flow allows credential theft via malicious server
Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...
PT-2025-46874
Name of the Vulnerable Software and Affected Versions Mattermost Mobile Apps versions prior to 2.32.0 Description The Mattermost Mobile Apps do not properly validate Single Sign-On SSO redirect tokens to ensure they come from a trusted server. This allows a malicious Mattermost instance or an...
EUVD-2024-32440
Malicious code in bioql PyPI...
CVE-2024-3872
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link...
CVE-2024-3872
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link...