Vulnerabilities in Mattermost
434 results

CVE | Severity | Title | EPSS
CVE-2025-20086 | MEDIUM | Insufficient Input Validation on Post Props | 0.4%
CVE-2023-6727 | LOW | Leak Inaccessible Playbook Information via Channel Action IDOR | 0.4%
CVE-2025-24490 | CRITICAL | SQL Injection in Mattermost Boards via board category ID reordering | 0.4%
CVE-2023-2808 | MEDIUM | Lack of URL normalization allows rendering previews for disallowed domains | 0.4%
CVE-2024-24975 | LOW | Denial of Service for mobile app users due to automatic code highlighting | 0.4%
CVE-2025-41395 | MEDIUM | Webapp DoS via malicious retrospective post in Playbooks | 0.4%
CVE-2023-47168 | MEDIUM | Open redirect in /oauth/<service>/mobile_login?redirect_to= | 0.4%
CVE-2023-2791 | MEDIUM | Playbooks lets you edit arbitrary posts | 0.4%
CVE-2024-6428 | MEDIUM | Limited DoS due to permitting creating users with user-defined IDs | 0.4%
CVE-2024-40884 | LOW | Unauthorized disabling of invite URL | 0.4%
CVE-2024-23493 | MEDIUM | Team associated AD/LDAP Groups Leaked due to missing authorization | 0.4%
CVE-2025-6233 | MEDIUM | Arbitrary file read by system admin via path traversal | 0.4%
CVE-2025-8023 | MEDIUM | Path Traversal in Template Upload Allows Uploading Files Outside Target Directory | 0.4%
CVE-2024-39830 | HIGH | Timing attack during remote cluster token comparison when shared channels are enabled | 0.4%
CVE-2025-58073 | HIGH | Arbitrary Mattermost Team can be joined by manipulating the OAuth state | 0.4%
CVE-2026-3524 | HIGH | Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check | 0.4%
CVE-2023-5522 | MEDIUM | Mobile app freezes when receiving a post with hundreds of emojis | 0.4%
CVE-2023-49874 | MEDIUM | IDOR when updating the tasks of a private playbook run | 0.4%
CVE-2023-35075 | LOW | HTML injection via channel autocomplete | 0.4%
CVE-2024-1952 | LOW | Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an | 0.4%