Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the WebSocket process. An attacker can cause the server to crash and disrupt service availability for all users by sending a specially crafted binary WebSocket message to the public endpoin...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

SUSE CVE-2026-4265

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.2.2 and earlier of the 11.2.x series, as well as versions 10.11.10 and earlier of the 10.11.x series, 11.4.0 and earlier of the 11.4.x series, and 11.3...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.4.0 and earlier 11.4.x series, 11.3.1 and earlier 11.3.x series, 11.2.3 and earlier 11.2.x series, as well as 10.11.11 and earlier 10.11.x series. Thes...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of multi-factor authentication enforcement in WebSocket connections. An attacker can gain unauthorized access to sensitive information by establishing a WebSocket connection...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an unauthorized access vulnerability that stems from improper cleaning of Google OAuth credentials, which can be exploited by an attacker to cause unauthorized access...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from improperly invalidated personal access tokens, which can be exploited by an attacker to maintain full system access...

CVE-2023-27263

A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of...

Mattermost Authorization Issues Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from improper privilege validation, which can be exploited by an attacker to make unauthorized changes to the system administrato...

Mattermost Information Disclosure Vulnerability (CNVD-2025-11083)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information in archived channels...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.1 and earlier and 9.11.9 and earlier, which stems from an insufficient MFA check and could lead to unauthorized MFA operations...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from not enforcing MFA on certain search APIs, which could lead to bypassing MFA protections...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an inability to block simultaneous check and update failed login attempts. The following versions are affected: versions 10.1.x through...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost version 9.11.2 and prior versions 9.11.x and version 9.5.10 and prior versions 9.5.x. The vulnerability stems from a failure to protect the MFA code from...

Mattermost Path Traversal Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a path traversal vulnerability that stems from an inability to clean up front-end user input used for redirection, which can be exploited by an attacker to cause a cross-site...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from the inability to disable users from setting their own remote usernames when the shared channel is enabled, which allows a remote user to se...

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from the inability to prevent the specification of a RemoteId when creating a new user, allowing an attacker to specify both a RemoteId and a us...

Mattermost 跨站请求伪造漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a cross-site request forgery vulnerability that stems from the Jira plugin's inability to prevent logout CSRF, which can be exploited by an attacker to post a specially crafted...