CVE-2017-18881
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a gotolocation response to a slash command...
GO-2025-4201 Mattermost Server is vulnerable to webhook and slash command manipulation in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to webhook and slash command manipulation in github.com/mattermost/mattermost-server...
EUVD-2019-11425
Malware in sbrugna...
EUVD-2024-34441
Malicious code in bioql PyPI...
CVE-2024-29215
Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access control which allows a user to run a slash command in a channel they are not a member of via linking a playbook run to that channel and running a slash command as a playbook task command...
CVE-2024-36255
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...
CVE-2024-29215
Mattermost Server vulnerability CVE-2024-29215: Improper access control in slash commands linked to playbook tasks allows a user to run a slash command in a channel they are not a member of. Affected versions: Mattermost 9.5.x up to 9.5.3; 9.7.x up to 9.7.1; 9.6.x up to 9.6.1; 8.1.x up to 8.1.12....
CVE-2024-36255 Post actions can run playbook checklist task commands
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...
CVE-2024-36255
Mattermost CVE-2024-36255 involves improper input validation on post actions in affected releases, enabling an attacker to execute a playbook checklist task command as another user by crafting a deceptive post action that unexpectedly runs a slash command in an arbitrary channel. Affected version...
PT-2024-26935 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Description: The issue arises from inadequate input validation on post actions, allowing an attacker to execute a playboo...
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...
Design/Logic Flaw
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...
Rocket.Chat information disclosure vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in versions prior to Rocket.Chat 6.0, which stems from an ACL check in the slash command /mute, after checking if a user is a member of a given channel, which can disclose private channel members to...
PT-2023-21667 · Rocket.Chat · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat affected versions not specified Description: A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command "/mute" occur after checking whether a user is a member of a given channel, leaking private...
CVE-2023-28357
CVE-2023-28357 affects Rocket.Chat. The vulnerability arises in the Slash Command /mute, where an ACL check occurs after confirming a user’s channel membership, allowing authenticated users to enumerate whether a username is a member of a channel they cannot access. Impact described as informatio...
GHSA-5MH6-P63G-3MV5 Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command
An issue was discovered in Mattermost Server before 5.1.0. It allows attackers to cause a denial of service via the invite_people slash command...
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command
An issue was discovered in Mattermost Server before 5.1.0. It allows attackers to cause a denial of service via the invite_people slash command...