Lucene search
+L

16 matches found

Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.14 views

Mattermost Server < 11.0.0 Multiple Vulnerabilities (MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540 advisory. - Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users ...

7.5CVSS5.9AI score0.00297EPSS
Exploits0References4
NVD
NVD
added 2025/11/14 8:15 a.m.7 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3CVSS0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/14 8:0 a.m.7 views

EUVD-2025-186557

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

3.1CVSS6.3AI score0.00164EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-24342

Malware in sbrugna...

6.5CVSS6.5AI score0.00585EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.12 views

CVE-2024-47145

Mattermost versions 9.5.x = 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links...

4.3CVSS6.8AI score0.00252EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/25 11:57 p.m.6 views

CVE-2025-27571

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS6.3AI score0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/24 12:0 a.m.20 views

Mattermost Server 9.11.x < 9.11.10 / 10.4.x < 10.4.4 / 10.5.x < 10.5.2 / 10.6.0 (MMSA-2025-00436)

The version of Mattermost Server installed on the remote host is prior to 9.11.10, 10.4.4, or 10.5.2 / 10.6.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00436 advisory. - Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly...

4.3CVSS4.8AI score0.0025EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/16 6:31 p.m.15 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS6.3AI score0.0025EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/04/16 5:15 p.m.14 views

CVE-2025-2564

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS0.0025EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/16 9:32 a.m.14 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS6.3AI score0.00239EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/16 7:45 a.m.6 views

CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS4.7AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 7:45 a.m.19 views

CVE-2025-27571 Channel metadata visible in archived channels despite configuration setting

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived...

4.3CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 7:45 a.m.204 views

CVE-2025-27571

CVE-2025-27571 affects Mattermost Server versions 9.11.x &lt;= 9.11.9, 10.4.x &lt;= 10.4.3, and 10.5.x

4.3CVSS4.4AI score0.00239EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/04/01 1:56 p.m.10 views

Incorrect Authorization

Mattermost is vulnerable to Incorrect Authorization. The vulnerability is due to improper restriction of command execution due to a flaw that allows authenticated users to run commands in archived channels...

8.8CVSS7.2AI score0.00339EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2025/03/21 9:30 a.m.19 views

Mattermost Fails to Restrict Command Execution in Archived Channels

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels...

8.8CVSS7.3AI score0.00339EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/24 9:35 a.m.25 views

Mattermost fails to restrict channel export of archived channels

Mattermost versions 10.1.x = 10.1.3, 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access ...

4.3CVSS6.7AI score0.00271EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder