28 matches found

RedhatCVE
added 2026/01/09 8:33 a.m., 19 views

CVE-2024-39274

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

CVSS 8.7, AI score 7, EPSS 0.00341
Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:09 a.m., 7 views

CVE-2024-2450

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request und...

CVSS 8.8, AI score 6.5, EPSS 0.00596
Exploits 0, References 1

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-0444

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.7, EPSS 0.00359
Exploits 0, References 3

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-10699

Malicious code in bioql PyPI...

CVSS 2.7, AI score 3.6, EPSS 0.00259
Exploits 0, References 4

NVD
added 2025/06/30 5:15 p.m., 8 views

CVE-2025-47871

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informatio...

CVSS 5.4, EPSS 0.00169
Exploits 0, References 1

CNNVD
added 2025/06/20 12:00 a.m., 2 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability in Mattermost versions 10.5.5 and prior 10.5.x, 9.11.15 and prior 9.11.x, 10.8.0 and prior 10.8.x, 10.7.2 and prior 10.7.x, and 10.6.5 and prior 10.6.x, which stems from an...

CVSS 9.9, AI score 6.5, EPSS 0.00687
Exploits 0, References 1

RedhatCVE
added 2025/06/13 11:07 a.m., 6 views

CVE-2025-4128

Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/teamid...

CVSS 4.3, AI score 3.6, EPSS 0.00186
Exploits 0, References 1

RedhatCVE
added 2025/05/23 5:07 a.m., 8 views

CVE-2023-5160

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAMID/top/teammembers endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled...

CVSS 4.3, AI score 6.8, EPSS 0.0036
Exploits 0

RedhatCVE
added 2025/05/23 5:02 a.m., 9 views

CVE-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

CVSS 2.7, AI score 6.7, EPSS 0.00526
Exploits 0, References 1

RedhatCVE
added 2025/05/23 5:02 a.m., 18 views

CVE-2023-27266

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

CVSS 2.7, AI score 6.7, EPSS 0.00526
Exploits 0, References 1

RedhatCVE
added 2025/05/23 4:54 a.m., 11 views

CVE-2023-2786

Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands...

CVSS 4.3, AI score 7, EPSS 0.00353
Exploits 0, References 1

RedhatCVE
added 2025/05/23 2:15 a.m., 6 views

CVE-2023-3577

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF...

CVSS 4.3, AI score 6.8, EPSS 0.00314
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:18 p.m., 6 views

CVE-2022-1385

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels...

CVSS 5.8, AI score 6.5, EPSS 0.00806
Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:07 p.m., 8 views

CVE-2021-37861

Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails...

CVSS 7.5, AI score 7, EPSS 0.00879
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:07 p.m., 5 views

CVE-2021-37860

Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP...

CVSS 6.1, AI score 6.6, EPSS 0.00611
Exploits 0, References 1

Cvelist
added 2025/04/14 6:57 a.m., 31 views

CVE-2025-32093 System admin profile modification by delegated granular administration role

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

CVSS 4.7, EPSS 0.00198
Exploits 0, References 1

CVE
added 2025/04/10 3:33 p.m., 228 views

CVE-2025-24866

CVE-2025-24866 affects Mattermost server (Mattermost 9.11.x, including 9.11.8 and earlier) where the access control on the /api/v4/audits endpoint is improper. The vulnerability allows users with delegated granular administration roles who do not have access to Compliance Monitoring to retrieve U...

CVSS 2.7, AI score 7.1, EPSS 0.00259
Exploits 0, References 1, Affected Software 1

Github Security Blog
added 2025/03/21 9:30 a.m., 19 views

Mattermost Fails to Enforce MFA on Plugin Endpoints

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...

CVSS 8.8, AI score 6.9, EPSS 0.00317
Exploits 0, References 3, Affected Software 1

Cvelist
added 2025/03/21 8:26 a.m., 24 views

CVE-2025-25068 Bypassing MFA Enforcement on Plugin Endpoints

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...

CVSS 7.5, EPSS 0.00317
Exploits 0, References 1

CVE
added 2025/03/21 8:24 a.m., 130 views

CVE-2025-30179

Mattermost CVE-2025-30179 affects Mattermost Server: MFA is not enforced on certain search APIs, allowing authenticated users to bypass MFA via user, channel, or team search. Affected lines are Mattermost Server 9.11.x ≤ 9.11.8, 10.3.x ≤ 10.3.3, and 10.4.x ≤ 10.4.2. Remediation per advisories is ...

CVSS 6.5, AI score 4.6, EPSS 0.00291
Exploits 0, References 1, Affected Software 1