Vulnerabilities in Mattermost

438 results
Vexday Analysis

With 434 CVEs catalogued and no confirmed entry in the CISA KEV catalog, Mattermost shows an active-exploitation rate below the catalog-wide average, which indicates a relatively contained immediate operational risk. However, the volume of 60 vulnerabilities that appeared in the last 90 days deserves attention, signalling a high pace of recent discovery. The most common flaw is CWE-863 (Incorrect Authorization), a pattern that tends to allow unauthorized access to resources and functionality and that calls for careful review of access controls in deployments. The most dangerous CVE currently identified, CVE-2025-25279, has an EPSS score of 0.2081, the highest observed in the portfolio, and, although exploitation has not yet been confirmed, it should be prioritized given the potential risk of near-term exploitation.

CVE ID | Severity | Title | EPSS
CVE-2025-35965 | MEDIUM | DoS in Mattermost Playbooks via Excessive Task Actions | 0.3%
CVE-2024-23488 | LOW | Files of archived channels accessible with the "Allow users to view archived channels" option disabled | 0.3%
CVE-2024-24776 | LOW | Incorrect Authorization leads to Channel Member Count Leak | 0.3%
CVE-2023-3577 | LOW | Limited blind SSRF to localhost/intranet in interactive dialog implementation | 0.3%
CVE-2025-54525 | HIGH | Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | 0.3%
CVE-2025-22445 | LOW | Misleading UI for undefined admin console settings in Calls causes security confusion | 0.3%
CVE-2024-39772 | LOW | Silent Desktop Screenshot Capture | 0.3%
CVE-2025-52931 | HIGH | Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | 0.3%
CVE-2026-24661 | LOW | Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint | 0.3%
CVE-2024-21848 | LOW | Users maintain access to active call after being removed from a channel | 0.3%
CVE-2026-21388 | LOW | Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint | 0.3%
CVE-2025-12419 | CRITICAL | Account takeover on OAuth/OpenID-enabled servers | 0.3%
CVE-2025-12421 | CRITICAL | Account Takeover via Code Exchange Endpoint | 0.3%
CVE-2023-45316 | HIGH | Reflected client side path traversal leading to CSRF in Playbooks | 0.3%
CVE-2025-6226 | MEDIUM | IDOR in CreatePost API allows for timeboxed message disclosure | 0.3%
CVE-2023-4106 | MEDIUM | A guest user can perform various actions on public playbooks | 0.3%
CVE-2024-2445 | MEDIUM | Reflected XSS in Mattermost Jira plugin | 0.3%
CVE-2026-25773 | HIGH | Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix) | 0.3%
CVE-2025-58075 | HIGH | Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState | 0.3%
CVE-2025-10545 | LOW | Guest user can add unauthorized team users to private channels | 0.3%