VYPR

Go modules package

github.com/mattermost/mattermost-plugin-calls

pkg:golang/github.com/mattermost/mattermost-plugin-calls

Vulnerabilities (3)

  • CVE-2026-6347 · High · May 18, 2026
    affected < 1.12.0-rc2 · fixed 1.12.0-rc2

    Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present i

  • CVE-2025-12689 · Dec 17, 2025
    affected < 1.11.0 · fixed 1.11.0

    Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check a WebSocket request field for proper UTF-8 format, which allows an attacker to crash the Calls plug-in by sending a malformed request.

  • CVE-2025-62190 · Dec 17, 2025
    affected < 1.10.0 · fixed 1.10.0

    Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct mess