VYPR

Vendor CVEs

Mattermost

All CVEs

523 total · sorted by risk
  • CVE-2025-49810Aug 21, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts

  • CVE-2025-36530Aug 21, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to install unauthorized custom plugins via path traversal in the import…

  • CVE-2025-8285Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.

  • CVE-2025-54525Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.

  • CVE-2025-54478Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.

  • CVE-2025-54463Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.

  • CVE-2025-54458Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.

  • CVE-2025-53910Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.

  • CVE-2025-53857Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.

  • CVE-2025-53514Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.

  • CVE-2025-52931Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.

  • CVE-2025-49221Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.

  • CVE-2025-48731Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint.

  • CVE-2025-44004Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint.

  • CVE-2025-44001Aug 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint.

  • CVE-2025-6227Jul 18, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.

  • CVE-2025-6233Jul 18, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal.

  • CVE-2025-6226Jul 18, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the…

  • CVE-2025-47871Jun 30, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to…

  • CVE-2025-46702Jun 30, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions…

  • CVE-2025-3228Jun 20, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

  • CVE-2025-3227Jun 20, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or…

  • CVE-2025-4981Jun 20, 2025
    risk 0.00cvss epss 0.01

    Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with…

  • CVE-2025-4128Jun 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}.

  • CVE-2025-4573Jun 11, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter…

  • CVE-2025-3611May 30, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct…

  • CVE-2025-3230May 30, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via…

  • CVE-2025-2571May 30, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.

  • CVE-2025-1792May 30, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members…

  • CVE-2025-3913May 29, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the…

  • CVE-2025-2570May 15, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.

  • CVE-2025-2527May 15, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request.

  • CVE-2025-3446May 15, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a…

  • CVE-2025-31947May 15, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.

  • CVE-2025-41423Apr 24, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the…

  • CVE-2025-35965Apr 24, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions…

  • CVE-2025-41395Apr 24, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and…

  • CVE-2025-2564Apr 16, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when…

  • CVE-2025-27936Apr 16, 2025
    risk 0.00cvss epss 0.00

    Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin…

  • CVE-2025-31363Apr 16, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt…

  • CVE-2025-27571Apr 16, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a…

  • CVE-2025-27538Apr 16, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if…

  • CVE-2025-24839Apr 16, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activate_ai override property to a post via the…

  • CVE-2025-2475Apr 14, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials.

  • CVE-2025-2424Apr 14, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.

  • CVE-2025-32093Apr 14, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized…

  • CVE-2025-30516Apr 14, 2025
    risk 0.00cvss epss 0.00

    Mattermost Mobile Apps versions <=2.25.0  fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications

  • CVE-2025-24866Apr 10, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 9.11.x <= 9.11.8  fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.

  • CVE-2025-1558Mar 24, 2025
    risk 0.00cvss epss 0.00

    Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.

  • CVE-2025-25068Mar 21, 2025
    risk 0.00cvss epss 0.00

    Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.

Page 4 of 11