VYPR

Go modules package

github.com/mattermost/mattermost-plugin-msteams

pkg:golang/github.com/mattermost/mattermost-plugin-msteams

Vulnerabilities (4)

  • CVE-2026-24661 | Low | Apr 9, 2026
    affected < 1.15.1-0.20260213190728-6fe4d295592e | fixed 1.15.1-0.20260213190728-6fe4d295592e

    Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611

  • CVE-2026-21388 | Low | Apr 9, 2026
    affected < 1.15.1-0.20260213190728-6fe4d295592e | fixed 1.15.1-0.20260213190728-6fe4d295592e

    Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610

  • CVE-2026-2476 | Mar 16, 2026
    affected < 1.15.1-0.20260102165339-036c761bd3cb | fixed 1.15.1-0.20260102165339-036c761bd3cb

    Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606

  • CVE-2025-27936 | Apr 16, 2025
    affected < 2.1.0 | fixed 2.1.0

    Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via