Vulnerabilities in Mattermost

434 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2022-2401 | MEDIUM | Team members could access sensitive information of other users via an API call | 0.7% |
| CVE-2025-4981 | CRITICAL | Path Traversal Leading to RCE by Any Authenticated Mattermost User | 0.7% |
| CVE-2022-1333 | LOW | A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service | 0.7% |
| CVE-2024-24988 | MEDIUM | Excessive resource consumption when sending long emoji names in user custom status | 0.7% |
| CVE-2023-2831 | MEDIUM | Denial of Service while unescaping a Markdown string | 0.7% |
| CVE-2021-37867 | MEDIUM | Emails of all users are exposed via one of the Boards APIs | 0.7% |
| CVE-2021-37862 | LOW | Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into | 0.7% |
| CVE-2023-45847 | MEDIUM | Playbook Plugin Crash via Run Checklist | 0.6% |
| CVE-2023-49607 | MEDIUM | Playbook plugin crash via missing interface type assertion | 0.6% |
| CVE-2023-6458 | HIGH | Client side path traversal due to lack of route parameters validation | 0.6% |
| CVE-2023-49809 | MEDIUM | Todo plugin gets crashed and disabled by member | 0.6% |
| CVE-2022-1002 | LOW | HTML Injection while inviting Guests | 0.6% |
| CVE-2023-48369 | MEDIUM | Log Flooding due to specially crafted requests in different endpoints | 0.6% |
| CVE-2022-1384 | MEDIUM | Authorized users are allowed to install old plugin versions from the Marketplace | 0.6% |
| CVE-2023-2792 | MEDIUM | Ephemeral messages return private channel contents in permalink previews | 0.6% |
| CVE-2021-37860 | LOW | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web | 0.6% |
| CVE-2024-4183 | MEDIUM | Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessi | 0.6% |
| CVE-2022-1332 | MEDIUM | Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents | 0.6% |
| CVE-2023-2785 | MEDIUM | Specially crafted search query can cause large log entries in postgres | 0.6% |
| CVE-2025-9079 | HIGH | Admin RCE via prepackaged plugins by way of misconfigured imports directory | 0.6% |