Mattermost Vulnerabilities
434 results

CVE-2024-36257 | LOW | Lack of permission check when updating the profile picture of a remote user (shared channels enabled) | EPSS 0.3%
CVE-2025-55035 | MEDIUM | Mattermost Desktop DoS when user has basic authentication server configured | EPSS 0.3%
CVE-2024-37182 | MEDIUM | Lack of permissions prompting when opening external URLs | EPSS 0.3%
CVE-2025-8402 | MEDIUM | Nil pointer dereference in bulk import crashes server | EPSS 0.3%
CVE-2024-39613 | MEDIUM | RCE in desktop app in Windows by local attacker | EPSS 0.3%
CVE-2026-7387 | HIGH | Mattermost group syncable endpoints allow privilege escalation via scheme_admin | EPSS 0.3%
CVE-2023-3582 | MEDIUM | Lack of channel membership check when linking a board to a channel | EPSS 0.3%
CVE-2024-34029 | MEDIUM | AD/LDAP Group Members Leak | EPSS 0.3%
CVE-2023-3584 | LOW | Member can create team with team override scheme | EPSS 0.3%
CVE-2026-6957 | HIGH | Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write. | EPSS 0.3%
CVE-2023-7113 | LOW | Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web c | EPSS 0.3%
CVE-2024-36492 | HIGH | Existing local user overwritten by malicious remote | EPSS 0.3%
CVE-2026-6961 | HIGH | CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync | EPSS 0.3%
CVE-2026-3109 | LOW | Missing timestamp validation in Zoom webhook handler | EPSS 0.3%
CVE-2025-30179 | MEDIUM | MFA Enforcement Bypass in Search APIs | EPSS 0.3%
CVE-2024-42411 | MEDIUM | User creation date manipulation in POST /api/v4/users | EPSS 0.3%
CVE-2026-6346 | HIGH | Sensitive credentials exposed in plaintext in Mattermost support packets | EPSS 0.3%
CVE-2023-3615 | HIGH | Lack of server certificate validation in websockets connection | EPSS 0.3%
CVE-2024-52032 | MEDIUM | Private channel names leaking when Elasticsearch is enabled | EPSS 0.3%
CVE-2024-10241 | MEDIUM | Private channel names leaked with Ctrl+K when ElasticSearch is enabled | EPSS 0.3%