Vulnerabilities in Mattermost
434 results

CVE | Severity | Title | EPSS
CVE-2024-32945 | LOW | LaTeX post content manipulation via renderer state leak across contexts | 0.2%
CVE-2025-24866 | LOW | Unauthorized Access to User Activity Logs API by delegated granular administration roles | 0.2%
CVE-2025-1412 | LOW | Session Persistence After User-to-Bot Conversion | 0.2%
CVE-2025-4573 | MEDIUM | LDAP Injection in Mattermost Enterprise Edition When Using Active Directory | 0.2%
CVE-2026-1046 | HIGH | Arbitrary application execution via unvalidated server-controlled URLs in Help menu | 0.2%
CVE-2025-0503 | LOW | Leaked User IDs and Metadata of Deleted DMs | 0.2%
CVE-2023-3586 | MEDIUM | Disabling publicly-shared boards does not disable existing publicly available board links | 0.2%
CVE-2025-1472 | MEDIUM | Unauthorized View Access to Site Statistics and Team Statistics | 0.2%
CVE-2025-49221 | LOW | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin | 0.2%
CVE-2026-8823 | LOW | User Manager can demote bot accounts to guest without bot-management permission | 0.2%
CVE-2026-3115 | MEDIUM | Guest users can view group member IDs without respecting view restrictions | 0.2%
CVE-2026-6345 | MEDIUM | Prevent password disclosure and force reset during Slack import | 0.2%
CVE-2025-41423 | LOW | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin | 0.2%
CVE-2024-32045 | MEDIUM | Playbook run link to private channel grants channel access | 0.2%
CVE-2025-2564 | MEDIUM | Unauthorized View Access to Archived Channel Member Info | 0.2%
CVE-2026-3117 | MEDIUM | Instance and webhook GitLab plugin commands were able to be run by non-admin users | 0.2%
CVE-2025-14273 | HIGH | Mattermost Jira plugin user spoofing enables Jira request forgery. | 0.2%
CVE-2025-31363 | LOW | Data exfiltration via AI plugin Jira tool | 0.2%
CVE-2025-30516 | LOW | Unauthorized Notification Exposure in Mobile App Under Specific Conditions | 0.2%
CVE-2025-54478 | HIGH | Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin | 0.2%