Vulnerabilidades en Mattermost
434 resultadosCVE-2024-9155MEDIUMInsufficient Authorization On Unlinked Channel FilesEPSS 0.3%CVE-2025-9081LOWIDOR in board file download allows any user to download any file by UUIDEPSS 0.3%CVE-2026-4646MEDIUMInsufficient input validation in GitHub plugin API causes denial of serviceEPSS 0.3%CVE-2026-4858HIGHPath traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.EPSS 0.2%CVE-2024-48872MEDIUMBypass of "Max failed attempts" restriction via race conditionEPSS 0.2%CVE-2024-47145LOWUnauthorized access on archived channels via file linksEPSS 0.2%CVE-2025-54499LOWInsecure string comparison enables timing attacksEPSS 0.2%CVE-2024-23319LOWCSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)EPSS 0.2%CVE-2025-3228MEDIUMUnauthorized Guest user access to PlaybookEPSS 0.2%CVE-2026-5755MEDIUMDenial of service via crafted TIFF file uploadEPSS 0.2%CVE-2025-11794MEDIUMPassword hash and MFA secret returned in user email verification endpointEPSS 0.2%CVE-2024-43813MEDIUMIDOR when marking read a user's channelEPSS 0.2%CVE-2024-29215MEDIUMSlash commands run in channel without channel membership via playbook task commandsEPSS 0.2%CVE-2025-9076MEDIUMMattermost Server exposes sensitive user credentials during shared channel membership synchronizationEPSS 0.2%CVE-2026-4054MEDIUMSVG content served through Mattermost image proxy despite Content-Type restrictions causes client-side denial of serviceEPSS 0.2%CVE-2024-31859MEDIUMMember promoted to channel admin via playbooks run linking to channelEPSS 0.2%CVE-2025-12689MEDIUMDoS in Calls plugin via malformed UTF-8 in WebSocket requestEPSS 0.2%CVE-2026-6340MEDIUMMemory Exhaustion via Malicious 7zip File UploadEPSS 0.2%CVE-2026-2325MEDIUMImproper Input Validation in MS Teams Meetings API HandlerEPSS 0.2%CVE-2026-22892MEDIUMInsufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post AttachmentsEPSS 0.2%