Vulnerabilities in Mattermost
434 results

CVE-2023-3591 | MEDIUM | Lack of previous password reset tokens on new token creation | EPSS 0.3%
CVE-2025-31947 | MEDIUM | Repeated LDAP login failures can lock an LDAP account | EPSS 0.3%
CVE-2025-41443 | MEDIUM | Guest user can discover active public channels | EPSS 0.3%
CVE-2026-25783 | MEDIUM | Denial of service via malformed User-Agent header in getBrowserVersion | EPSS 0.3%
CVE-2025-41410 | MEDIUM | Slack import bypasses email verification for team access controls | EPSS 0.3%
CVE-2024-39837 | LOW | Malicious remote can create arbitrary channels | EPSS 0.3%
CVE-2024-5272 | MEDIUM | Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated" | EPSS 0.3%
CVE-2025-49222 | MEDIUM | Mattermost Shared Channel Upload Type Validation Bypass | EPSS 0.3%
CVE-2024-42000 | LOW | Unauthorized Access to view channels' details | EPSS 0.3%
CVE-2024-43780 | MEDIUM | Unauthorized channel file upload | EPSS 0.3%
CVE-2025-2570 | LOW | System Admin Cannot Access Environment settings in System Console While System Manager Can | EPSS 0.3%
CVE-2024-39361 | LOW | Creating posts with user-defined IDs permitted in CreatePost API | EPSS 0.3%
CVE-2026-4915 | MEDIUM | Server panic via outgoing webhook responses | EPSS 0.3%
CVE-2024-29977 | LOW | Malicious remote can create arbitrary reactions on arbitrary posts | EPSS 0.3%
CVE-2024-41162 | MEDIUM | Malicious remote can make an arbitrary local channel read-only | EPSS 0.3%
CVE-2025-54463 | MEDIUM | Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin | EPSS 0.3%
CVE-2025-14435 | MEDIUM | Application-Level DoS via infinite re-render loop in user profile handling | EPSS 0.3%
CVE-2026-2454 | MEDIUM | DoS in Calls plugin via malformed msgpack in websocket request. | EPSS 0.3%
CVE-2024-5270 | MEDIUM | SAML to email switch possible when email signin is disabled | EPSS 0.3%
CVE-2025-24526 | MEDIUM | Channel export permitted on archived channel when viewing archived channels is disabled | EPSS 0.3%