Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-3495

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

4.8CVSS5.6AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 9:31 a.m.7 views

GHSA-JX93-PF6X-874R Mattermost doesn't escape some variables that could contain malicious content during error page composition

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

3.8CVSS5.9AI score0.00143EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.16 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.5 views

SUSE CVE-2026-2456

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.9 views

SUSE CVE-2026-24692

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

4.3CVSS5.9AI score0.00165EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/16 8:19 p.m.22 views

CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest

Mattermost versions 10.11.x = 10.11.10 fail to properly validate permission requirements in the team member roles API endpoint which allows team administrators to demote members to guest role. Mattermost Advisory ID: MMSA-2025-00531...

3.8CVSS0.00159EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.12 views

Mattermost fails to validate user's authentication method when processing account auth type switch

Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID:...

3.5CVSS5.8AI score0.00148EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/03/16 3:30 p.m.4 views

GHSA-M5RV-56XX-HFC6 Mattermost fails to properly handle very long passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25759

Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2025/12/17 3:34 p.m.8 views

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7AI score0.00145EPSS
Exploits0References5Affected Software3
CNNVD
CNNVD
added 2025/11/27 12:0 a.m.55 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from insufficient validation of code exchange tokens, which could lead to account takeover. The following versions are affected: version 11.0.2...

9.9CVSS6.6AI score0.0031EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/17 9:42 a.m.14 views

CVE-2025-58073

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state...

8.1CVSS6.8AI score0.00379EPSS
Exploits0References1
Rows per page
Query Builder