4 matches found
GO-2025-4170 Mattermost fails to to verify the token used during code exchange in github.com/mattermost/mattermost-server
Mattermost fails to to verify the token used during code exchange in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fro...
EUVD-2017-9983
Malware in sbrugna...
CVE-2025-27936 Webhook Secret Exposure via Timing attack in MSteams plugin
Mattermost Plugin MSTeams versions 2.1.0 and Mattermost Server versions 10.5.x =10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack...
CVE-2024-28053 Resource Exhaustion via the Invitation Feature
Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server...