8 matches found
Mattermost Server 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.4 / 10.10.x < 10.10.1 / 10.11.0 Path Traversal (MMSA-2025-00501)
The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2025-00501 advisory. - Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload...
GHSA-PJ6F-RC94-GW53 Mattermost Fails to Sanitize File Names
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465 Path traversal in image upload with preview overwrite
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
CVE-2025-6465 Path traversal in image upload with preview overwrite
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs...
SUSE CVE-2024-51749
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in...
CVE-2024-51749 Element's thumbnails can be abused to misrepresent the content of an attachment
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in...