cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-20630,https://securityvulnerability.io/vulnerability/CVE-2025-20630,Mobile Application Crashes Due to Improper Handling of Posts in Mattermost,"Mattermost Mobile versions up to 2.22.0 contain a vulnerability that improperly handles posts with non-string attachments. This flaw can lead to a crash of the mobile application when a user receives a malicious post in a channel, jeopardizing the app's stability and user experience. It is crucial for users to stay informed and update to secure versions to mitigate this risk.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T18:18:58.742Z,0
CVE-2025-20621,https://securityvulnerability.io/vulnerability/CVE-2025-20621,Attachment Handling Flaw in Mattermost Web Application,"Certain versions of Mattermost are susceptible to a vulnerability that arises from improper handling of posts with attachments. Specifically, the issue occurs when fields within these attachments cannot be cast to a String type. An attacker can exploit this flaw by sending specially crafted posts to a channel, which may result in the web application crashing and denying service to legitimate users. Organizations utilizing affected versions of Mattermost should review security patches to mitigate this risk.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T18:16:28.042Z,0
CVE-2025-20072,https://securityvulnerability.io/vulnerability/CVE-2025-20072,Mobile Application Vulnerability in Mattermost Affecting User Experience,"The Mattermost Mobile application before version 2.22.0 is susceptible to a flaw where it fails to adequately validate the style of proto supplied to an action's style in post.props.attachments. This vulnerability can be exploited by an attacker to introduce crafted malicious input, potentially leading to application crashes on user devices. This security issue underscores the importance of validating user inputs to maintain the integrity and reliability of mobile applications.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T17:51:38.173Z,0
CVE-2025-0476,https://securityvulnerability.io/vulnerability/CVE-2025-0476,Mobile App Vulnerability in Mattermost by Mattermost,"The Mattermost Mobile Apps versions up to 2.22.0 exhibit a security flaw where specially crafted attachment names can lead to crashing the app. When users open a channel containing such an attachment, the mobile application becomes unstable, potentially disrupting user experience and functionality.",Mattermost,Mattermost,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-16T00:15:00.000Z,0
CVE-2025-20088,https://securityvulnerability.io/vulnerability/CVE-2025-20088,"Post Prop Validation Flaw in Mattermost by Mattermost, Inc.","A vulnerability exists in Mattermost versions 10.2.x, 9.11.x, 10.0.x, and 10.1.x, where the application does not adequately validate post properties. This flaw can be exploited by an authenticated malicious user to craft a malicious post, which may lead to an application crash, impacting the availability of the service.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T16:49:51.532Z,0
CVE-2025-20086,https://securityvulnerability.io/vulnerability/CVE-2025-20086,"Post Prop Validation Flaw in Mattermost by Mattermost, Inc.","Mattermost platforms, specifically versions 10.2.x through 10.2.0, 9.11.x through 9.11.5, 10.0.x through 10.0.3, and 10.1.x through 10.1.3 are susceptible to a vulnerability due to insufficient validation of post properties. This flaw permits a malicious authenticated user to craft a post that could lead to a system crash, potentially causing denial of service and impacting availability.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T16:49:51.066Z,0
CVE-2025-21083,https://securityvulnerability.io/vulnerability/CVE-2025-21083,Post Prop Validation Flaw in Mattermost Mobile Applications,"Mattermost Mobile Apps up to version 2.22.0 have a vulnerability where the application fails to properly validate post properties. This weakness can be exploited by an authenticated user to submit malicious posts, potentially causing the application to crash. It is crucial for users and administrators to be aware of this issue to maintain the integrity and reliability of the mobile applications.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T16:10:48.325Z,0
CVE-2025-20036,https://securityvulnerability.io/vulnerability/CVE-2025-20036,Post Props Validation Flaw in Mattermost Mobile Apps,"Mattermost Mobile Apps prior to version 2.22.0 are susceptible to an improper input validation vulnerability concerning post properties. An authenticated malicious user can exploit this flaw by crafting a malicious post, which can result in a crash of the mobile application. This issue highlights the importance of validating user inputs to maintain application stability and security.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T16:10:47.847Z,0
CVE-2025-21088,https://securityvulnerability.io/vulnerability/CVE-2025-21088,Input Validation Flaw in Mattermost Affects Multiple Versions,"Mattermost contains a vulnerability whereby certain versions do not adequately validate the style of proto used in post.props.attachments. This flaw can be exploited by an attacker sending crafted input that may cause the Mattermost frontend to crash, disrupting services and affecting user experience. Users of the affected versions are urged to upgrade to secure versions to mitigate this risk.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-15T15:51:49.474Z,0
CVE-2025-22445,https://securityvulnerability.io/vulnerability/CVE-2025-22445,Configuration Reporting Flaw in Mattermost by Mattermost Inc.,Mattermost versions up to and including 10.2 exhibit a configuration reporting flaw that leads to inaccurate UI representation of missing settings. This issue can cause confusion among administrators concerning the security-sensitive configuration related to calls. Proper visibility and correct representation of these settings are critical to ensure that admins can effectively manage their security posture and mitigate potential risks associated with misconfiguration.,Mattermost,Mattermost,3.5,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-09T06:55:13.389Z,0
CVE-2025-20033,https://securityvulnerability.io/vulnerability/CVE-2025-20033,Denial of Service Vulnerability in Mattermost by Mattermost Inc.,"Mattermost versions 10.2.0 and earlier, along with 9.11.x, 10.0.x, and 10.1.x up to specific versions, exhibit a failure to properly validate post types. This vulnerability allows malicious actors to craft posts with a custom notification type and specified properties, ultimately leading to a denial of service for users with the sysconsole_read_plugins permission. This issue underscores the significance of post validation in safeguarding user experience and workflow integrity.",Mattermost,Mattermost,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-09T06:55:02.063Z,0
CVE-2025-22449,https://securityvulnerability.io/vulnerability/CVE-2025-22449,Invitation Bypass Vulnerability in Mattermost by Mattermost Corporation,"In specific versions of Mattermost, team administrators can exploit a weakness related to invite permissions. This vulnerability allows them to bypass restrictions and invite users to their team without having the required permissions. By manipulating the 'allow_open_invite' setting to make their team public, unauthorized invitations can be extended, compromising the intended access control measures.",Mattermost,Mattermost,3.8,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-09T06:54:53.029Z,0
CVE-2024-11358,https://securityvulnerability.io/vulnerability/CVE-2024-11358,Vulnerability in Mattermost Android Mobile Apps Leading to Local File Access,CVE-2024-11358 describes a high-risk vulnerability in the Mattermost Android Mobile Apps (versions 2.21.0 and earlier) due to a failure in properly configuring file providers. This security flaw allows an attacker with local access to the device to potentially exploit this weakness to access sensitive files through the misconfigured file provider. Organizations using these apps are advised to review their security policies and update to the latest version to mitigate this risk.,Mattermost,Mattermost,5.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-16T16:20:27.908Z,0
CVE-2024-54682,https://securityvulnerability.io/vulnerability/CVE-2024-54682,File Size Limitations in Mattermost Lead to Potential Denial of Service Vulnerability,"CVE-2024-54682 identifies a critical vulnerability in Mattermost that affects specific versions of its communication platform. The issue arises from the absence of enforced file size limits during the import of Slack files. This oversight permits a team administrator to import a maliciously crafted zip file, known as a zip bomb, potentially leading to a Denial of Service (DoS). By exploiting this vulnerability, an attacker could overwhelm the server, significantly degrading or disabling service for users. Organizations utilizing affected versions of Mattermost should prioritize updating their software to mitigate this risk.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-16T08:03:44.318Z,0
CVE-2024-54083,https://securityvulnerability.io/vulnerability/CVE-2024-54083,Client-Side Denial of Service Vulnerability in Mattermost,"CVE-2024-54083 affects multiple versions of Mattermost, enabling a denial of service (DoS) attack through improperly validated callProps. This vulnerability allows malicious users to disrupt services by posting specially crafted messages in specific channels, affecting both web and mobile users. Affected versions include Mattermost 10.1.x (up to 10.1.2), 10.0.x (up to 10.0.2), and earlier versions like 9.11.x and 9.5.x. Users of these versions are advised to apply the latest security updates to mitigate potential disruptions.",Mattermost,Mattermost,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-16T08:02:19.214Z,0
CVE-2024-48872,https://securityvulnerability.io/vulnerability/CVE-2024-48872,Login Attempt Bypass Vulnerability in Mattermost Products,"CVE-2024-48872 identifies a critical vulnerability in Mattermost that allows attackers to bypass the 'Max failed attempts' restriction. This issue arises from the platform's failure to adequately manage concurrent login attempts, enabling malicious actors to send multiple login requests simultaneously. As a result, attackers can execute a high volume of login attempts without being blocked, significantly increasing the risk of unauthorized access to user accounts. Organizations using the affected versions of Mattermost should prioritize applying security updates available on the official Mattermost security updates page.",Mattermost,Mattermost,4.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-16T08:01:01.444Z,0
CVE-2024-12247,https://securityvulnerability.io/vulnerability/CVE-2024-12247,Old Permissions Can be Kept Even After Updating Permission Scheme,"Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated.",Mattermost,Mattermost,4.6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-05T15:20:49.383Z,0
CVE-2024-11599,https://securityvulnerability.io/vulnerability/CVE-2024-11599,"Email Address Validation Vulnerability Affects Mattermost Versions","A flaw in certain versions of Mattermost allows an unauthenticated user to exploit improper email address validation during the registration process. This vulnerability permits the bypassing of email domain restrictions, which may lead to unauthorized access or impersonation risks. Organizations using affected versions should review their security measures and apply necessary updates to safeguard their platforms.",Mattermost,Mattermost,8.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-28T09:42:48.141Z,0
CVE-2024-52032,https://securityvulnerability.io/vulnerability/CVE-2024-52032,ElasticSearch query vulnerability,"Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when searching for the channel name in channel switcher which allows an attacker to get private channels names of channels that they are not a member of, when Elasticsearch v8 was enabled.",Mattermost,Mattermost,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-09T17:19:35.639Z,0
CVE-2024-36250,https://securityvulnerability.io/vulnerability/CVE-2024-36250,Mattermost MFA code vulnerability,"Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds",Mattermost,Mattermost,4.8,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-11-09T17:18:34.703Z,0
CVE-2024-42000,https://securityvulnerability.io/vulnerability/CVE-2024-42000,Mattermost Vulnerability Allows Access to Private Channels,"Certain versions of Mattermost exhibit a flaw in their authorization process related to the API endpoint /api/v4/channels. This vulnerability allows users or System Managers with 'Read Groups' permission, but without actual channel access, to retrieve information about private channels they do not belong to. Such unauthorized access can lead to potential privacy violations and compromise sensitive information, highlighting the importance of reviewing access controls and security measures in the affected versions.",Mattermost,Mattermost,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-11-09T17:17:25.038Z,0
CVE-2024-47401,https://securityvulnerability.io/vulnerability/CVE-2024-47401,Mattermost Vulnerability Allows for Amplified GraphQL Responses and Application Crash,"Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks.",Mattermost,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-29T09:15:00.000Z,0
CVE-2024-46872,https://securityvulnerability.io/vulnerability/CVE-2024-46872,Input Sanitization Flaw in Mattermost Web Application,"A critical input sanitization vulnerability has been discovered in Mattermost, affecting versions 9.10.2 or earlier in the 9.10.x series, 9.11.1 or earlier in the 9.11.x series, and 9.5.9 or earlier in the 9.5.x series. This vulnerability arises from the failure to properly sanitize user inputs on the frontend, enabling malicious actors to exploit it through a one-click client-side path traversal. This flaw has serious implications, as it establishes a potential pathway for Cross-Site Request Forgery (CSRF) attacks in Playbooks. Organizations using these affected versions are strongly advised to implement the recommended security updates to mitigate associated risks.",Mattermost,Mattermost Server,4.6,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-29T09:15:00.000Z,0
CVE-2024-50052,https://securityvulnerability.io/vulnerability/CVE-2024-50052,Authorization Flaw in Mattermost Leading to Uncontrolled Post Deletion,"A vulnerability has been identified in Mattermost versions 9.10.x up to 9.10.2, 9.11.x up to 9.11.1, and 9.5.x up to 9.5.9. This issue arises from the lack of validation for the origin of messages in integration actions, allowing an authenticated user to delete any post regardless of ownership. This weakness highlights the importance of proper authorization checks to prevent unauthorized modifications within the application.",Mattermost,Mattermost,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-29T08:15:00.000Z,0
CVE-2024-10241,https://securityvulnerability.io/vulnerability/CVE-2024-10241,Mattermost Private Channel Data Filtering Vulnerability,Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K.,Mattermost,Mattermost,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-10-29T08:08:20.873Z,0