Lucene search
K

34 matches found

Veracode
Veracode
added 2025/10/30 10:42 a.m.6 views

Improper Input Sanitization

github.com/mattermost/mattermost-server is vulnerable to improper input sanitization. The vulnerability is due to insufficient sanitization of user data during shared channel membership synchronization, which allows an attacker from a malicious or compromised remote cluster to access sensitive us...

6.5CVSS6.8AI score0.00242EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/09/17 10:48 a.m.16 views

CVE-2025-9076

Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 10:6 a.m.37 views

CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization

Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...

6.5CVSS0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 10.10.1 and prior versions 10.10.x that stems from user data not being properly cleaned during shared channel member synchronization, which could allow a...

6.5CVSS6.2AI score0.00242EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/21 9:30 a.m.2 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of upload types in remote cluster upload sessions. An attacker with system admin privileges can gain unauthorized access to sensitive files by uploading non-attachment file types through...

8.7CVSS7.3AI score0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/21 7:59 a.m.3 views

CVE-2025-49222 Mattermost Shared Channel Upload Type Validation Bypass

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2, 10.10.x = 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...

6.8CVSS7.3AI score0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.4 views

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a double release of shared channel descriptors by the armscmi transfer in the firmware subsystem, which coul...

7.8CVSS6.5AI score0.00217EPSS
Exploits0References8
Veracode
Veracode
added 2024/08/29 5:33 a.m.7 views

Unauthorized Session Creation And Password Reset

github.com/mattermost/mattermost-server is vulnerable to Unauthorized Session Creation And Password Reset. The vulnerability is due to a lack of proper validation for remote/synthetic users due to a shared channel configuration. This allows attackers to create munged email addresses using shared...

6.5CVSS6.6AI score0.00261EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.9.x through 9.9.1, 9.5.x through 9.5.7, 9.10.x through 9.10.0, and 9.8.x through 9.8.2, which stems from the inability to edit an email address...

4.3CVSS6.2AI score0.0022EPSS
Exploits0References2
CNVD
CNVD
added 2024/08/05 12:0 a.m.4 views

Unspecified Vulnerability in Mattermost (CNVD-2024-35160)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to disable modification of local users when synchronizing users in a shared channel. An attacker could use the vulnerability t...

7.4CVSS6.4AI score0.00296EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/08/01 3:32 p.m.20 views

Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

8.7CVSS7AI score0.00341EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/08/01 3:15 p.m.37 views

CVE-2024-39274

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

8.7CVSS0.00341EPSS
Exploits0References1
OSV
OSV
added 2024/08/01 2:5 p.m.12 views

CVE-2024-39274 Malicious remote can add users to arbitrary teams and channels

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

8.7CVSS6.1AI score0.00341EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.5 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from the inability to disable users from setting their own remote usernames when the shared channel is enabled, which allows a remote user to se...

4.3CVSS6.4AI score0.00338EPSS
Exploits0References2
Rows per page
Query Builder