34 matches found
Improper Input Sanitization
github.com/mattermost/mattermost-server is vulnerable to improper input sanitization. The vulnerability is due to insufficient sanitization of user data during shared channel membership synchronization, which allows an attacker from a malicious or compromised remote cluster to access sensitive us...
CVE-2025-9076
Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization
Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 10.10.1 and prior versions 10.10.x that stems from user data not being properly cleaned during shared channel member synchronization, which could allow a...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload due to improper validation of upload types in remote cluster upload sessions. An attacker with system admin privileges can gain unauthorized access to sensitive files by uploading non-attachment file types through...
CVE-2025-49222 Mattermost Shared Channel Upload Type Validation Bypass
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2, 10.10.x = 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a double release of shared channel descriptors by the armscmi transfer in the firmware subsystem, which coul...
Unauthorized Session Creation And Password Reset
github.com/mattermost/mattermost-server is vulnerable to Unauthorized Session Creation And Password Reset. The vulnerability is due to a lack of proper validation for remote/synthetic users due to a shared channel configuration. This allows attackers to create munged email addresses using shared...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.9.x through 9.9.1, 9.5.x through 9.5.7, 9.10.x through 9.10.0, and 9.8.x through 9.8.2, which stems from the inability to edit an email address...
Unspecified Vulnerability in Mattermost (CNVD-2024-35160)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to disable modification of local users when synchronizing users in a shared channel. An attacker could use the vulnerability t...
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...
CVE-2024-39274
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...
CVE-2024-39274 Malicious remote can add users to arbitrary teams and channels
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from the inability to disable users from setting their own remote usernames when the shared channel is enabled, which allows a remote user to se...