Vulnerabilities in Mattermost
434 results

CVE-2024-22091 | LOW | Excessive resource consumption due to lack to request path size limits | EPSS 0.5%
CVE-2023-1777 | MEDIUM | Information disclosure in linked message previews | EPSS 0.5%
CVE-2023-6459 | MEDIUM | Public endpoint /metrics of Calls plugin reveals channel IDs | EPSS 0.5%
CVE-2023-5969 | MEDIUM | Denial of Service via Link Preview in /api/v4/redirect_location | EPSS 0.5%
CVE-2023-27265 | LOW | Disclosure of team owner email address when regenerating Invite ID | EPSS 0.5%
CVE-2023-27266 | LOW | Disclosure of team owner email address when accessing the teams API | EPSS 0.5%
CVE-2024-1402 | MEDIUM | Denial of service in mattermost mobile apps and server via emoji reactions | EPSS 0.5%
CVE-2023-4108 | MEDIUM | Audit logging fails to sanitize post metadata | EPSS 0.5%
CVE-2024-28053 | LOW | Resource Exhaustion via the Invitation Feature | EPSS 0.5%
CVE-2023-5968 | MEDIUM | Password hash in response body after username update | EPSS 0.5%
CVE-2023-5967 | MEDIUM | Denial of Service via crashing the Calls Plugin | EPSS 0.5%
CVE-2024-1953 | MEDIUM | Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested f | EPSS 0.5%
CVE-2025-20072 | MEDIUM | Mobile crash via improper validation of proto style in attachments | EPSS 0.5%
CVE-2023-43754 | MEDIUM | Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels | EPSS 0.5%
CVE-2023-45223 | MEDIUM | Users full name disclosure through Mattermost Boards with Show Full Name Option disabled | EPSS 0.5%
CVE-2023-3593 | MEDIUM | Server crash via a specially crafted markdown input | EPSS 0.5%
CVE-2023-2788 | MEDIUM | Deactivated user can retain access using oauth2 api | EPSS 0.5%
CVE-2025-21083 | MEDIUM | Insufficient Input Validation on Post Props | EPSS 0.5%
CVE-2024-4198 | LOW | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenti | EPSS 0.5%
CVE-2023-27264 | HIGH | IDOR: Updating a playbook via the Playbooks API | EPSS 0.5%