Vulnerabilities in Mattermost

434 results
CVE-2025-20036 | MEDIUM | Insufficient Input Validation on Post Props | EPSS 0.5%
CVE-2024-4195 | LOW | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authent | EPSS 0.5%
CVE-2022-2408 | MEDIUM | Guest accounts can list all public channels | EPSS 0.5%
CVE-2023-27263 | MEDIUM | IDOR: Accessing playbook runs via the Playbooks Runs API | EPSS 0.5%
CVE-2023-5330 | MEDIUM | Denial of Service via Opengraph Data Cache | EPSS 0.5%
CVE-2023-5876 | LOW | Regex DoS from a malicious server enrolled in Desktop | EPSS 0.5%
CVE-2023-5333 | MEDIUM | Denial of Service via multiple identical User IDs in /api/v4/users/ids | EPSS 0.5%
CVE-2022-1003 | LOW | Sysadmin can override existing configs & bypass restrictions like EnableUploads | EPSS 0.5%
CVE-2023-2281 | LOW | Archiving a team broadcasts unsanitized data over WebSockets | EPSS 0.5%
CVE-2023-5193 | MEDIUM | System Role with manage posts permission can read posts of Direct Messages | EPSS 0.5%
CVE-2023-2515 | MEDIUM | Privilege escalation to system admin via personal access tokens | EPSS 0.5%
CVE-2023-2797 | LOW | Path traversal in GitHub plugin's code preview feature | EPSS 0.5%
CVE-2024-3872 | LOW | Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allo | EPSS 0.5%
CVE-2023-1562 | LOW | Full name revealed via /plugins/focalboard/api/v2/users | EPSS 0.5%
CVE-2023-7114 | HIGH | Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | EPSS 0.5%
CVE-2025-36530 | MEDIUM | Import Path Traversal Enables Unauthorized Unsigned Plugin Installation | EPSS 0.5%
CVE-2024-11599 | HIGH | Domain Restriction Bypass on Registration | EPSS 0.5%
CVE-2024-39832 | MEDIUM | Permanently local data deletion by malicious remote | EPSS 0.5%
CVE-2023-48732 | MEDIUM | Keywords that trigger mentions are leaked to other users | EPSS 0.5%
CVE-2024-39810 | MEDIUM | Server crash via Elasticsearch certificate file | EPSS 0.5%