Filtered by vendor Mattermost
Subscriptions
Total
453 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8285 | 1 Mattermost | 2 Confluence, Mattermost | 2025-09-24 | 4 Medium |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. | ||||
| CVE-2025-9076 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-20 | 6.5 Medium |
| Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled. | ||||
| CVE-2025-9072 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-17 | 7.6 High |
| Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL. | ||||
| CVE-2025-9084 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-17 | 3.1 Low |
| Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs | ||||
| CVE-2025-9078 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-17 | 4.3 Medium |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing | ||||
| CVE-2025-8023 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-08-25 | 6.8 Medium |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file placement outside intended directories. | ||||
| CVE-2025-6465 | 1 Mattermost | 1 Mattermost | 2025-08-23 | 4.3 Medium |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs. | ||||
| CVE-2025-2527 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-08-22 | 4.3 Medium |
| Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request. | ||||
| CVE-2025-53971 | 1 Mattermost | 1 Mattermost | 2025-08-22 | 3.8 Low |
| Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint. | ||||
| CVE-2025-36530 | 1 Mattermost | 1 Mattermost | 2025-08-22 | 6.8 Medium |
| Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import functionality, bypassing plugin signature enforcement and marketplace restrictions. | ||||
| CVE-2025-49810 | 1 Mattermost | 1 Mattermost | 2025-08-22 | 3.5 Low |
| Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts | ||||
| CVE-2025-47870 | 1 Mattermost | 1 Mattermost | 2025-08-22 | 4.3 Medium |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id. | ||||
| CVE-2025-47700 | 1 Mattermost | 2 Mattermost, Server | 2025-08-22 | 3.5 Low |
| Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions | ||||
| CVE-2025-49222 | 1 Mattermost | 1 Mattermost | 2025-08-22 | 6.8 Medium |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in arbitrary filesystem directories. | ||||
| CVE-2025-20051 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-08-18 | 9.9 Critical |
| Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards. | ||||
| CVE-2025-6226 | 1 Mattermost | 1 Mattermost | 2025-08-07 | 6.5 Medium |
| Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts. | ||||
| CVE-2025-6233 | 1 Mattermost | 1 Mattermost | 2025-07-22 | 6.8 Medium |
| Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal. | ||||
| CVE-2025-6227 | 1 Mattermost | 1 Mattermost | 2025-07-22 | 2.2 Low |
| Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API. | ||||
| CVE-2024-48872 | 1 Mattermost | 1 Mattermost | 2025-07-13 | 4.8 Medium |
| Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests | ||||
| CVE-2025-20033 | 1 Mattermost | 1 Mattermost | 2025-07-13 | 4.3 Medium |
| Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | ||||