6 matches found
Arbitrary File Upload
Mattermost is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of upload types because remote cluster upload sessions allow system admins to upload non-attachment file types, potentially enabling placement of files in arbitrary filesystem directories...
CVE-2025-49222
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2, 10.10.x = 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...
GHSA-Q453-638C-H4MR Mattermost Fails to Validate Remote Cluster Upload Sessions
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2, 10.10.x = 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...
CVE-2025-49222
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2, 10.10.x = 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...
CVE-2025-49222
Mattermost CVE-2025-49222 affects Mattermost Server versions 9.11.x, 10.5.x, 10.8.x, 10.9.x, and 10.10.x, where upload type validation in remote cluster upload sessions can be bypassed, allowing a system admin to upload non‑attachment file types that may be placed in arbitrary filesystem director...
CVE-2025-49222 Mattermost Shared Channel Upload Type Validation Bypass
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2, 10.10.x = 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in...