Vulnerabilities in Mattermost
434 results

CVE-2023-5159 | LOW | A User Manager role with user edit permissions could manage/update bots | EPSS 0.4%
CVE-2023-2000 | MEDIUM | Unrestricted navigation due to unvalidated Mattermost server redirection | EPSS 0.4%
CVE-2024-39777 | HIGH | Malicious remote can invite itself to an arbitrary local channel | EPSS 0.4%
CVE-2023-3590 | LOW | Deleted attachments in Boards remain accessible | EPSS 0.4%
CVE-2024-41144 | MEDIUM | Malicious remote can create/update/delete arbitrary posts in arbitrary channels | EPSS 0.4%
CVE-2024-1942 | MEDIUM | Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under spe | EPSS 0.4%
CVE-2023-5160 | MEDIUM | Full name disclosure via team top membership with Show Full Name option disabled | EPSS 0.4%
CVE-2023-47858 | MEDIUM | Details of archived public channels are leaked to members of another team | EPSS 0.4%
CVE-2023-2786 | MEDIUM | Channel commands execution doesn't properly verify permissions | EPSS 0.4%
CVE-2024-10214 | LOW | Incorrect Session Creation with Desktop SSO | EPSS 0.4%
CVE-2025-0476 | MEDIUM | Mobile crash via file with specially crafted filename | EPSS 0.4%
CVE-2026-20719 | MEDIUM | DoS via URL Previews Rendering Malicious SVGs | EPSS 0.4%
CVE-2025-1558 | MEDIUM | Denial of Service Via Malicious GIF | EPSS 0.3%
CVE-2024-39807 | LOW | Channel IDs of archived/restored channels leaked via webhook events | EPSS 0.3%
CVE-2024-8071 | MEDIUM | System Role with edit access to permissions can elevate themselves to system admin | EPSS 0.3%
CVE-2026-3116 | MEDIUM | Improper Input Validation in Zoom Plugin Webhook Handler | EPSS 0.3%
CVE-2026-3114 | MEDIUM | Zip Bomb Denial of Service via Unrestricted Archive Decompression | EPSS 0.3%
CVE-2024-42497 | MEDIUM | Insufficient permissions checks on teams | EPSS 0.3%
CVE-2024-39274 | HIGH | Malicious remote can add users to arbitrary teams and channels | EPSS 0.3%
CVE-2025-25274 | MEDIUM | Unauthorized Command Execution in Archived Channels | EPSS 0.3%